In association with heise online

17 November 2010, 11:26

Red Hat warns of hole in OpenSSL

In an advisory, Linux distributor Red Hat has warned that a security vulnerability in OpenSSL can potentially be remotely exploited to break into a server. Affected versions include OpenSSL 0.9.8f to 0.9.8o, 1.0.0 and 1.0.0a. Updating to OpenSSL 0.9.8p or 1.0.0b closes the hole.

The problem is caused by a race condition in the OpenSSL code for parsing TLS extensions. In certain circumstances a heap overflow can potentially be triggered if multiple sessions try to set a host name via a TLS extension. This allows attackers to inject up to 255 bytes of code into the application's heap and to execute it.

However, the OpenSSL developers point out that the flaw only exists on servers which support multi-threading and use OpenSSL's internal caching feature. The Apache web server and solutions such as Stunnel are said not to be vulnerable because they don't support internal caching by default.

When tested on single-core processors by the Red Hat developers, the flaw was apparently only exploitable by artificially slowing down the threads. On multi-core processors, the potential for creating a race condition is said to be higher. However, in the cases that have been monitored so far, it appears that the race conditions have only crashed server applications.
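
As an added example (not code from Red Hat, the OpenSSL project or the original article), the following Python check turns the affected version range and the two preconditions described above into a triage test. It assumes upstream version strings; the function names and sample strings are constructed, and builds carrying a pre-release or vendor suffix are reported as unknown, since distributors may backport fixes without changing the upstream version number.

```python
import re

# Affected upstream ranges stated in the article (inclusive bounds).
# Fixed releases are 0.9.8p and 1.0.0b.
AFFECTED = [
    ((0, 9, 8, "f"), (0, 9, 8, "o")),
    ((1, 0, 0, ""), (1, 0, 0, "a")),
]

# major.minor.fix, optional patch letter(s), optional "-suffix" (beta, fips, vendor tag).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)(-\w+)?")


def parse_version(text):
    """Return (major, minor, fix, letter) from a string such as 'OpenSSL 0.9.8o'.

    Returns None when no version is found or when a '-suffix' is present,
    because such builds cannot be judged from the upstream number alone.
    """
    m = _VERSION_RE.search(text)
    if m is None or m.group(5):
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))


def status(version_text):
    """Classify a version string as 'affected', 'not affected' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    if any(low <= version <= high for low, high in AFFECTED):
        return "affected"
    return "not affected"


def exposed(version_text, multithreaded, internal_session_cache):
    """True only if the version is affected and both preconditions hold."""
    return (status(version_text) == "affected"
            and multithreaded and internal_session_cache)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real host.
    for sample in ["OpenSSL 0.9.8o", "OpenSSL 0.9.8p", "OpenSSL 1.0.0a",
                   "OpenSSL 1.0.0b", "OpenSSL 0.9.8e-fips-rhel5"]:
        print(f"{sample:28} {status(sample)}")
```

An "unknown" result means the vendor's own advisory has to be consulted for that package rather than the upstream version number.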

