LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

MeeGo alert MeeGo-SA-10:28 (openssl)



From:
    	      "Ware, Ryan R" <ryan.r.ware@intel.com> 


To:
    	      "meego-security@meego.com" <meego-security@meego.com> 


Subject:
    	      [MeeGo-security] [MeeGo-SA-10:28.openssl] Double Free in OpenSSL
 Allows DoS or Code Execution 


Date:
    	      Tue, 18 Jan 2011 20:54:14 -0700


Message-ID:
    	      <EA47ED24-7B5D-4A10-90A0-2D6091D34DDF@intel.com>


Archive-link:
    	      Article, Thread
              


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
MeeGo-SA-10:28.openssl				            Security Advisory
                                                                MeeGo Project

Topic:          Double Free in OpenSSL Allows DoS or Code Execution

Category:       Encryption
Module:         openssl
Announced:      September 3, 2010
Affects:        MeeGo 1.0
Corrected:      September 3, 2010
MeeGo BID:	5668
CVE:		CVE-2010-2939

For general information regarding MeeGo Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://www.MeeGo.com/>.

I.   Background

The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

II.  Problem Description

CVE-2010-2939: Double free vulnerability in the ssl3_get_key_exchange
function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a,
0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows
context-dependent attackers to cause a denial of service (crash) and
possibly execute arbitrary code via a crafted private key with an
invalid prime. NOTE: some sources refer to this as a use-after-free
issue.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism

III. Impact

CVE-2010-2939: Disruption of service and other unknown issues due to
resource management errors (CWE-399)

IV.  Workaround

None

V.   Solution

Update to package openssl-0.9.8m-3.1 or later.

VI. References

http://bugs.meego.com/show_bug.cgi?id=5668
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://cwe.mitre.org/data/definitions/399.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (Darwin)

iQEcBAEBAgAGBQJNNlsWAAoJEEsJm1wYvCMbdtYH/2pR2E38sph0o/FsnvicgYUr
Hs7I6nhtEB4UN9AY5oAPM7BulvBivIZsvrCIC/hAJ2JJfGsRSSlOA3QKngi7t7xQ
SBAgXihwuqd8s81q/sle3gyLTIzfwb+9voK6IfZd+PjUQzx4bdkWNY2AYESt2U3z
rMtuXgvTxbzJdqg6kSY2T0avupX/yBoXw80VNeYG3FAiPpIRvHsy50RaAry+mQ76
gvgSApVAnYofIlpF1Am9hTnSwqi6A3ooDCrZEkpN7tugMZouEGhVXFV6AwiRAvtn
9SjVPfY+V2CzSPHWT0AfnlroxmeiaN5jbchA3Gt9w6yzD8N7dcUCeiUCS+Zen1A=
=OqHp
-----END PGP SIGNATURE-----

_______________________________________________
MeeGo-security mailing list
MeeGo-security@meego.com
http://lists.meego.com/listinfo/meego-security
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds