Use after free error in OpenSSL and Oracle VM VirtualBox

#VU661 Use after free error in OpenSSL and Oracle VM VirtualBox

Published: 2016-09-26 | Updated: 2017-01-05

Vulnerability identifier: #VU661

Vulnerability risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-6309

CWE-ID: CWE-416

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenSSL
Server applications / Encryption software
Oracle VM VirtualBox
Server applications / Virtualization software

Vendor: OpenSSL Software Foundation
Oracle

Description

A remote attacker can execute arbitrary code on the target system.

The vulnerability exists due to incorrect implementation of patch for vulnerability CVE-2016-6307. A remote attacker can send a specially crafted message larger than 16 kilobytes and reallocated the buffer, intended to store the message, and then use the dangling pointer to control execution flaw.

Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code on the target system.

Mitigation
Update to version 1.1.0b.

Vulnerable software versions

OpenSSL: 1.1.0a

Oracle VM VirtualBox: 5.1.7, 5.0.27

External links
http://www.openssl.org/news/secadv/20160926.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM FOS Firmware

Two vulnerabilities in OpenSSL