OpenSSL c_zlib.c Memory Leak Vulnerability

Vulnerability ID: 1190522 Vulnerability type: Resource management error
Published: 2007-05-16 Updated: 2009-06-09
CVE ID: CVE-2008-1678 CNNVD-ID: CNNVD-200807-172
Affected platform: N/A CVSS score: 5.0
|Vulnerability source
https://cxsecurity.com/issue/WLB-2008070082
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200807-172
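|Vulnerability details
OpenSSL is a very widely used open-source implementation of SSL. Because it implements the various cryptographic algorithms that SSL uses, OpenSSL is also widely used as a cryptographic function library. The zlib_stateful_init function in crypto/comp/c_zlib.c of libssl has a memory leak, which a remote attacker can use to attack a server and bring it down.
|Vulnerability EXP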

I'm trying to solve a reproducible memory leak that manifests itself
with SSL + Apache2:
    https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/224945

Valgrind, plus our own research, points to a possible memory leak in
crypto/comp/c_zlib.c in libssl0.9.8g.

We see:
        struct zlib_state *state = (struct zlib_state *)OPENSSL_malloc(sizeof(struct zlib_state));
allocating the data.

However, it does not seem that a zlib_stateful_free_ex_data() is called
to free it.


Thanks,
:-Dustin

Dustin Kirkland
Ubuntu Server Developer
Canonical, LTD
GPG: 1024D/83A61194
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majordomo@openssl.org
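
The pattern the report above describes (per-connection state allocated at init with no matching free at teardown) can be modelled with an allocation counter that doubles as a leak regression check. This is an added example, not OpenSSL code and not part of the original post; `comp_state`, `comp_ctx`, `ctx_init`, `ctx_finish_leaky`, `ctx_finish_fixed` and `simulate` are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for per-connection compression state
 * (not OpenSSL's struct zlib_state). */
struct comp_state { unsigned char window[4096]; };
struct comp_ctx   { struct comp_state *state; };

static size_t live_bytes = 0;  /* bytes allocated and not yet freed */

/* Called once per connection: allocates the per-connection state. */
static int ctx_init(struct comp_ctx *ctx) {
    ctx->state = malloc(sizeof(*ctx->state));
    if (ctx->state == NULL)
        return 0;
    live_bytes += sizeof(*ctx->state);
    return 1;
}

/* Leaky teardown: drops the pointer without releasing the state. */
static void ctx_finish_leaky(struct comp_ctx *ctx) {
    ctx->state = NULL;
}

/* Corrected teardown: every init is paired with a free. */
static void ctx_finish_fixed(struct comp_ctx *ctx) {
    if (ctx->state != NULL) {
        free(ctx->state);
        live_bytes -= sizeof(struct comp_state);
        ctx->state = NULL;
    }
}

/* Run n init/finish cycles (one per simulated connection) and
 * return how many bytes are still outstanding afterwards. */
size_t simulate(unsigned n, void (*finish)(struct comp_ctx *)) {
    size_t before = live_bytes;
    for (unsigned i = 0; i < n; i++) {
        struct comp_ctx ctx;
        if (!ctx_init(&ctx))
            break;
        finish(&ctx);
    }
    return live_bytes - before;
}

int main(void) {
    printf("leaky: %zu bytes outstanding\n", simulate(1000, ctx_finish_leaky));
    printf("fixed: %zu bytes outstanding\n", simulate(1000, ctx_finish_fixed));
    return 0;
}
```

With the leaky teardown, outstanding memory grows linearly with the number of connections, which is why a long-running server is the component that fails.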
|References

Source: FEDORA
Name: FEDORA-2008-6393
Link: https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00055.html
Source: issues.apache.org
Link: https://issues.apache.org/bugzilla/show_bug.cgi?id=44975
Source: bugzilla.redhat.com
Link: https://bugzilla.redhat.com/show_bug.cgi?id=447268
Source: bugs.edge.launchpad.net
Link: https://bugs.edge.launchpad.net/bugs/224945
Source: bugs.edge.launchpad.net
Link: https://bugs.edge.launchpad.net/bugs/186339
Source: XF
Name: openssl-libssl-dos(43948)
Link: http://xforce.iss.net/xforce/xfdb/43948
Source: UBUNTU
Name: USN-731-1
Link: http://www.ubuntu.com/usn/USN-731-1
Source: BID
Name: 31692
Link: http://www.securityfocus.com/bid/31692
Source: BID
Name: 31681
Link: http://www.securityfocus.com/bid/31681
Source: REDHAT
Name: RHSA-2009:1075
Link: http://www.redhat.com/support/errata/RHSA-2009-1075.html
Source: MANDRIVA
Name: MDVSA-2009:124
Link: http://www.mandriva.com/security/advisories?name=MDVSA-2009:124
Source: VUPEN
Name: ADV-2008-2780
Link: http://www.frsirt.com/english/advisories/2008/2780
Source: svn.apache.org
Link: http://svn.apache.org/viewvc?view=re