Sunday, January 28, 2024

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fixes several security issues; one of them lets an attacker crash TLSv1.2-based services remotely from the internet.


According to the TLSv1.2 RFC, this version of TLS provides a "signature_algorithms" extension for the client_hello.

Data Structures


If a bad signature is sent after the renegotiation, the structure will be corrupted, because the structure pointer
s->c->shared_sigalgs will be NULL, while the number of algorithms,
s->c->shared_sigalgslen, will not be zeroed.
This will be interpreted as one algorithm to process, but the pointer points to address 0x00.


Then tls1_process_sigalgs() will try to process one signature algorithm (because shared_sigalgslen=1), so sigptr will point to c->shared_sigalgs (NULL), and the function will then try to dereference sigptr->rhash.


This means a segmentation fault in the tls1_process_sigalgs() function, which is called by tls1_set_server_sigalgs(), which in turn is called from ssl3_client_hello(), as the stack trace shows.




StackTrace

The following code points sigptr to NULL and tries to read sigptr->rsign, which is assembled as movzbl eax, byte ptr [0x0+R12]; note in the register window that R12 is 0x00.

Debugger in the crash point.


radare2 static decompiled


The patch fixes the vulnerability by zeroing the sigalgslen.
Get David A. Ramos' proof of concept exploit here
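
A minimal C model of the state described above, added here as an illustration; it is not OpenSSL's code or the patch itself. The field names shared_sigalgs, shared_sigalgslen, rsign and rhash follow the post, while cert_t, sigalg_t and every function name are hypothetical. It shows the pointer/length mismatch left by the pre-patch reset, the patched reset that zeroes the length, and a processing loop that rejects the inconsistent state.

```c
#include <stddef.h>
#include <stdlib.h>

/* Simplified stand-ins for the OpenSSL structures named in the post;
 * field names follow the post, type and function names are hypothetical. */
typedef struct { int rsign; int rhash; } sigalg_t;
typedef struct {
    sigalg_t *shared_sigalgs;    /* negotiated list, NULL when none */
    size_t    shared_sigalgslen; /* number of entries in the list   */
} cert_t;

/* Pre-patch behaviour described above: pointer cleared, length left stale. */
static void reset_shared_prepatch(cert_t *c) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
}

/* Patched behaviour: the length is zeroed together with the pointer. */
static void reset_shared_patched(cert_t *c) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
    c->shared_sigalgslen = 0;
}

/* Entries a processing loop would read through a NULL base pointer.
 * Non-zero means the inconsistent state behind the crash is present. */
static size_t null_derefs_pending(const cert_t *c) {
    return c->shared_sigalgs == NULL ? c->shared_sigalgslen : 0;
}

/* Defensive loop: rejects the inconsistent state instead of reading sigptr->rsign. */
static int process_sigalgs(const cert_t *c) {
    if (null_derefs_pending(c) != 0)
        return -1;
    int seen = 0;
    const sigalg_t *sigptr = c->shared_sigalgs;
    for (size_t i = 0; i < c->shared_sigalgslen; i++, sigptr++)
        seen += (sigptr->rsign != 0 && sigptr->rhash != 0);
    return seen;
}

/* Build a one-entry list (constructed values), as after a first handshake. */
static cert_t make_cert(void) {
    cert_t c = { malloc(sizeof(sigalg_t)), 1 };
    if (c.shared_sigalgs == NULL) { c.shared_sigalgslen = 0; return c; }
    c.shared_sigalgs[0].rsign = 1; c.shared_sigalgs[0].rhash = 4;
    return c;
}
```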




