Vigil@nce: OpenSSL, memory leak of CRYPTO_cleanup_all_ex_data

January 2010 by Vigil@nce

SYNTHESIS OF THE VULNERABILITY

An attacker can generate a memory leak in some applications using
the OpenSSL CRYPTO_cleanup_all_ex_data() function.

Severity: 2/4

Consequences: denial of service of server, denial of service of
client

Provenance: internet client

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 13/01/2010

IMPACTED PRODUCTS

 Debian Linux
 OpenSSL
 Red Hat Enterprise Linux
 TurboLinux

DESCRIPTION OF THE VULNERABILITY

The OpenSSL CRYPTO_cleanup_all_ex_data() function frees the data
OpenSSL holds for "ex_data" at cleanup time. However, in OpenSSL
0.9.8f and later 0.9.8 releases, this function does not free the
COMP_CTX structure associated with zlib compression, so every call
leaks that structure.

An application that calls CRYPTO_cleanup_all_ex_data() repeatedly,
for example each time it tears down its SSL state, therefore leaks
memory on each call. A remote client that can drive those calls can
exhaust the memory of the process, which results in a denial of
service.

In 2008, the Apache httpd mod_ssl module called this function and
was therefore exposed to this denial of service (VIGILANCE-VUL-7969).
That issue was fixed by changing mod_ssl rather than by correcting
the root cause in OpenSSL.

The PHP Curl extension also calls this function and is therefore
exposed to the same denial of service. In 2010, the developers chose
not to patch PHP/Curl but to correct the root cause in OpenSSL
itself.
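The advisory gives only a version lower bound, so the first thing a practitioner wants is a way to triage "openssl version" output across a fleet. The following script is an added example written for this page; it is not code from Vigil@nce, OpenSSL, Apache or PHP. It assumes two things that the advisory does not state: that 0.9.8m is the first upstream release carrying the fix (an assumption, kept in one constant so it can be corrected), and that a vendor suffix in the version string (for example "-fips-rhel5") signals a distribution build that may have backported the fix, or the affected code, without changing the upstream number. The sample lines in the main block are constructed, not captured from real hosts.

```python
# Added example (not from the Vigil@nce advisory or the OpenSSL project):
# triage "openssl version" output against the affected range described above.
import re

# Lower bound stated by the advisory ("0.9.8f and later").
AFFECTED_FROM = "0.9.8f"
# ASSUMPTION: the advisory names no fixed upstream release; 0.9.8m is the
# editor's assumed first fixed release. Verify against the vendor advisories
# (DSA-1970-1, RHSA-2010:0054-01, TLSA-2010-4) before acting on the result.
ASSUMED_FIXED_IN = "0.9.8m"

# "0.9.8k", "1.0.0", "0.9.8e-fips-rhel5": digits, optional letter suffix,
# then whatever the vendor appended up to the next whitespace.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)(\S*)")


def parse_openssl_version(text):
    """Parse the version out of an 'openssl version' line.

    Returns ((major, minor, patch, letters), vendor_suffix); letters is the
    0.9.8-era patch-letter string ('', 'a', ..., 'z', 'za', ...).
    """
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError("no OpenSSL version found in %r" % (text,))
    major, minor, patch, letters, suffix = m.groups()
    return (int(major), int(minor), int(patch), letters), suffix


def version_key(version):
    """Sort key: numeric parts, then letter suffix by length then value,
    so that 0.9.8 < 0.9.8a < ... < 0.9.8z < 0.9.8za."""
    major, minor, patch, letters = version
    return (major, minor, patch, len(letters), letters)


def in_upstream_affected_range(version, fixed_in=ASSUMED_FIXED_IN):
    """True if AFFECTED_FROM <= version < fixed_in, by upstream numbering."""
    low, _ = parse_openssl_version(AFFECTED_FROM)
    high, _ = parse_openssl_version(fixed_in)
    return version_key(low) <= version_key(version) < version_key(high)


def triage(version_line, fixed_in=ASSUMED_FIXED_IN):
    """Classify one 'openssl version' line.

    'state' is 'upstream-affected' when the upstream number falls in the
    affected range and 'upstream-unaffected' otherwise. Distribution packages
    backport fixes (and occasionally the affected code) without changing the
    upstream number, so 'vendor_patched_build' being True means the vendor
    advisory, not this function, has the final word.
    """
    version, suffix = parse_openssl_version(version_line)
    affected = in_upstream_affected_range(version, fixed_in)
    return {
        "version": version,
        "vendor_suffix": suffix,
        "vendor_patched_build": bool(suffix),
        "state": "upstream-affected" if affected else "upstream-unaffected",
    }


if __name__ == "__main__":
    # Constructed sample lines, not captured from real hosts.
    for line in ["OpenSSL 0.9.8k 25 Mar 2009",
                 "OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008",
                 "OpenSSL 0.9.8g 19 Oct 2007",
                 "OpenSSL 1.0.0 29 Mar 2010"]:
        print(line, "->", triage(line))
```

Feed it the output of `openssl version` (or the first line of `openssl version -a`) from each host; anything reported as "upstream-affected", and anything with a vendor suffix, should be checked against the distribution advisories listed under CHARACTERISTICS rather than trusted on the version number alone.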

CHARACTERISTICS

Identifiers: CVE-2009-4355, DSA-1970-1, RHSA-2010:0054-01,
TLSA-2010-4, VIGILANCE-VUL-9348
Pointed by: VIGILANCE-VUL-7969

http://vigilance.fr/vulnerability/OpenSSL-memory-leak-of-CRYPTO-cleanup-all-ex-data-9348
