Monday, June 5, 2023

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fixes several security issues; one of them lets an attacker remotely crash TLSv1.2-based services from the internet.


According to the TLSv1.2 RFC, this version of TLS provides a "signature_algorithms" extension for the client_hello.

Data Structures


If a bad signature is sent after the renegotiation, the structure will be corrupted, because the structure pointer
s->c->shared_sigalgs will be NULL, while the number of algorithms,
s->c->shared_sigalgslen, will not be zeroed.
This will be interpreted as one algorithm to process, but the pointer points to address 0x00.


Then tls1_process_sigalgs() will try to process one signature algorithm (because shared_sigalgslen=1): sigptr will be a pointer to c->shared_sigalgs (NULL), and the function will then try to dereference sigptr->rhash.


This means a segmentation fault in the tls1_process_sigalgs() function, which is called by tls1_set_server_sigalgs(), which in turn is called from ssl3_client_hello(), as the stack trace shows.




StackTrace

The following code points sigptr to NULL and tries to read sigptr->rsign, which is assembled as movzbl eax, byte ptr [0x0+R12]. Note in the register window that R12 is 0x00.

Debugger in the crash point.


radare2 static decompiled


The patch fixes the vulnerability by zeroing the sigalgslen.
Get David A. Ramos' proof of concept exploit here
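The inconsistent state described above (NULL list pointer with a stale count) and the effect of zeroing the length, as an added example that is neither OpenSSL's code nor the post's. The struct layout, the helper names, the free-on-reject behaviour and the sample values are assumptions; only the field names are borrowed from the post.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model: field names follow the post, the layout is an assumption. */
typedef struct { unsigned char rsign, rhash; } sigalg_t;
typedef struct { sigalg_t *shared_sigalgs; size_t shared_sigalgslen; } cert_t;

/* "Before": the list is dropped but the old count survives (the bug pattern). */
static void clear_sigalgs_stale(cert_t *c) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
}

/* "After": pointer and length are reset together, i.e. the length is zeroed. */
static void clear_sigalgs_fixed(cert_t *c) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
    c->shared_sigalgslen = 0;
}

/* Invariant: a NULL list with a nonzero count is the corrupted state. */
static int sigalgs_consistent(const cert_t *c) {
    return c->shared_sigalgs != NULL || c->shared_sigalgslen == 0;
}

/* Defensive processing loop: returns the number of usable entries,
 * or -1 instead of dereferencing a NULL sigptr. */
static int process_sigalgs(const cert_t *c) {
    if (!sigalgs_consistent(c)) return -1;
    int n = 0;
    for (size_t i = 0; i < c->shared_sigalgslen; i++) {
        const sigalg_t *sigptr = &c->shared_sigalgs[i];
        if (sigptr->rhash != 0 && sigptr->rsign != 0) n++;
    }
    return n;
}

/* Constructed scenario: one shared algorithm, then the list is cleared. */
static int run_scenario(void (*clear)(cert_t *)) {
    cert_t c = { malloc(sizeof(sigalg_t)), 1 };
    if (c.shared_sigalgs == NULL) return -2;
    c.shared_sigalgs[0].rsign = 1;   /* constructed sample values */
    c.shared_sigalgs[0].rhash = 4;
    clear(&c);
    return process_sigalgs(&c);
}

int main(void) {
    printf("stale: %d\n", run_scenario(clear_sigalgs_stale));
    printf("fixed: %d\n", run_scenario(clear_sigalgs_fixed));
    return 0;
}
```

The stale variant is caught by the invariant check rather than crashing; an assertion like `sigalgs_consistent()` is also a cheap way to test that every code path that clears the list resets the count with it.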




