Contributed by tbert on from the exploit-mitigation-mitigation dept.
About two years ago, OpenSSL introduced a new feature that you've never used or even heard about until yesterday, after somebody discovered a bug that could be used to read process memory.
As they say, read the whole thing.
tedu@ has a follow-up post in which he finds a particularly nasty bug in the code which sidesteps the malloc.conf options, which means that it cannot, unpatched, be disabled:
Instead of telling people to find themselves a better malloc, OpenSSL incorporated a one-off LIFO freelist. You guessed it. OpenSSL misuses the LIFO freelist. In fact, the bug I'm about to describe can only exist and go unnoticed precisely because the freelist is LIFO.
As they say, read this other thing.
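As an added illustration (not tedu's code and not OpenSSL's), here is a toy LIFO freelist showing why the pattern quoted above hides stale-data reads and sidesteps a hardened malloc: the buffer a caller just freed is handed straight back, contents intact, unless the freelist itself junks it the way malloc.conf's J option would. All names and the "secret" string are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 32
#define FL_CAP   16

/* Hypothetical one-off LIFO freelist: a stack of fixed-size buffers that
 * bypasses the system malloc (and therefore its malloc.conf hardening). */
static void  *fl_stack[FL_CAP];
static size_t fl_top = 0;

static void *fl_alloc(void)
{
    if (fl_top > 0)
        return fl_stack[--fl_top];      /* most recently freed block first */
    return malloc(BUF_SIZE);
}

static void fl_free(void *p)
{
    if (fl_top < FL_CAP)
        fl_stack[fl_top++] = p;         /* contents are left untouched */
    else
        free(p);
}

/* Variant that junks the block before caching it, mimicking what a
 * hardened malloc does on free (OpenBSD's malloc.conf 'J' fills with 0xdf). */
static void fl_free_junked(void *p)
{
    memset(p, 0xdf, BUF_SIZE);
    fl_free(p);
}

/* Free a buffer holding sensitive data, then allocate the same size and read
 * it without initialising it. Returns 1 if the old contents are still there. */
static int stale_data_visible(int junk_on_free)
{
    const char secret[] = "constructed secret";     /* 19 bytes incl. NUL */
    char *a = fl_alloc();
    memcpy(a, secret, sizeof secret);
    if (junk_on_free) fl_free_junked(a); else fl_free(a);
    char *b = fl_alloc();               /* LIFO: this is 'a' again */
    int visible = (b == a) && memcmp(b, secret, sizeof secret) == 0;
    fl_free(b);
    return visible;
}

int main(void)
{
    printf("plain LIFO freelist: stale data visible = %d\n", stale_data_visible(0));
    printf("junk-on-free freelist: stale data visible = %d\n", stale_data_visible(1));
    return 0;
}
```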