

OpenSSL CVE-2010-5298 / CVE-2014-0198 - oneiroi
http://www.ubuntu.com/usn/usn-2192-1/
Two more vulnerabilities patched, so expect to be seeing package updates soon.

The 4-year-old CVE-2010-5298 is described as:

"Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment."

The more concerning part obviously being data injection.

CVE-2014-0198 is described as "A null pointer dereference bug was discovered in do_ssl3_write(). An attacker could possibly use this to cause OpenSSL to crash, resulting in a denial of service."

Clearly in the wake of Heartbleed OpenSSL is undergoing serious scrutiny; hopefully this results in a wider attitude change:

Just because something is open source doesn't mean someone has audited the code for you; it's there so you can read it yourself ... 20/20 hindsight, eh?

Ah well, sleep is truly for quitters ... *headdesk*
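Added example (not from the USN, from OpenSSL, or from anyone in this thread): a small triage helper that takes `openssl version` banners from a fleet and flags the ones whose upstream version falls in the "through 1.0.1g" range quoted above for CVE-2010-5298. It encodes patch letters the way OPENSSL_VERSION_NUMBER does ('g' is 7, 'za' is 27) so ordering comparisons are correct, and it also decodes the hex form (0x1000107f is 1.0.1g). The inventory at the bottom is constructed. One caveat a practitioner needs: distro packages (the Ubuntu update linked above, for instance) backport the fix and keep the upstream version string, so a hit here means "check the package changelog", not "vulnerable".

```python
"""Triage helper for the CVE-2010-5298 version range quoted in the post.

Added example, not code from OpenSSL, Ubuntu or the thread. The sample
inventory below is constructed; the version/letter encoding mirrors
OpenSSL's OPENSSL_VERSION_NUMBER scheme.
"""
import re

# NVD text quoted above: "OpenSSL through 1.0.1g". Encoded as
# (major, minor, fix, patch) with 'g' == 7, matching OPENSSL_VERSION_NUMBER.
LAST_AFFECTED_CVE_2010_5298 = (1, 0, 1, 7)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def patch_letters_to_number(letters):
    """'' -> 0, 'a' -> 1, 'g' -> 7, 'z' -> 26, 'za' -> 27 (OpenSSL's scheme)."""
    return sum(ord(c) - ord("a") + 1 for c in letters)


def parse_version_string(text):
    """Parse banners like 'OpenSSL 1.0.1g 7 Apr 2014', '1.0.1e-fips', '0.9.8za'.

    Returns (major, minor, fix, patch); raises ValueError if no version found.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version in {text!r}")
    major, minor, fix, letters = m.groups()
    return (int(major), int(minor), int(fix), patch_letters_to_number(letters))


def parse_version_number(n):
    """Decode OPENSSL_VERSION_NUMBER (MNNFFPPS): 0x1000107f -> (1, 0, 1, 7)."""
    return ((n >> 28) & 0xF, (n >> 20) & 0xFF, (n >> 12) & 0xFF, (n >> 4) & 0xFF)


def affected_by_cve_2010_5298(version):
    """True if the upstream version is within the quoted 'through 1.0.1g' range."""
    return tuple(version) <= LAST_AFFECTED_CVE_2010_5298


def triage(inventory):
    """Map host -> verdict for a dict of host -> `openssl version` output.

    'upstream-range' means the version string is in the affected range. It does
    not prove the host is vulnerable: distro packages backport the fix and keep
    the upstream string, so confirm against the package changelog (e.g. the USN).
    """
    verdicts = {}
    for host, banner in inventory.items():
        try:
            version = parse_version_string(banner)
        except ValueError:
            verdicts[host] = "unparseable"
            continue
        if affected_by_cve_2010_5298(version):
            verdicts[host] = "upstream-range"
        else:
            verdicts[host] = "fixed-upstream"
    return verdicts


# Constructed sample inventory (hostnames and banners are made up for the example).
SAMPLE_INVENTORY = {
    "web-1": "OpenSSL 1.0.1g 7 Apr 2014",
    "web-2": "OpenSSL 1.0.1h",
    "lb-1": "OpenSSL 0.9.8y",
    "db-1": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "unknown": "OpenSSL",
}

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:8} {verdict}")
```

Run it against the output of `openssl version` (or the value of OPENSSL_VERSION_NUMBER from a build) collected from each host; anything reported as `upstream-range` on a distro-packaged system still needs the package version checked against the vendor advisory before it is called vulnerable or clean.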
======
Velox
This doesn't seem all that important. There are numerous bugs around most
software out there which can cause it to crash. It's not good, but it's also
not the worst one out there.

If it was that bad, it would have been fixed earlier. It was reported first in
2010:
[https://rt.openssl.org/Ticket/Display.html?id=2167&user=gues...](https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest)

It was also fixed a few weeks ago.

Edit: Just noticed that the openssl bug tracker passes the username and
password in the URL. Oh dear...

~~~
jacquesm
At least no google results for anything other than guest show up.

------
oneiroi
r/netsec threads on CVE-2010-5298:

[http://www.reddit.com/r/netsec/comments/22whnm/openssl_useaf...](http://www.reddit.com/r/netsec/comments/22whnm/openssl_useafterfree_race_condition/)

[http://www.reddit.com/r/netsec/comments/23pggy/all_versions_...](http://www.reddit.com/r/netsec/comments/23pggy/all_versions_on_openssl_vulnerable_to_this_one/)

RH Response:
[https://access.redhat.com/security/cve/CVE-2010-5298](https://access.redhat.com/security/cve/CVE-2010-5298)
see the BZ links closed as "not exploitable"

