hot info

Wednesday, May 31, 2023

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fixes several security issues; one of them lets an attacker remotely crash TLSv1.2-based services from the internet.


According to the TLSv1.2 RFC, this version of TLS provides a "signature_algorithms" extension for the client_hello.

Data Structures


If a bad signature is sent after the renegotiation, the structure will be corrupted, because the structure pointer
s->c->shared_sigalgs will be NULL, while the number of algorithms,
s->c->shared_sigalgslen, will not be zeroed.
This will be interpreted as one algorithm to process, but the pointer points to address 0x00.


Then tls1_process_sigalgs() will try to process one signature algorithm (because shared_sigalgslen=1): sigptr will be a pointer to c->shared_sigalgs (NULL), and the function will then try to dereference sigptr->rhash.


This means a segmentation fault in the tls1_process_sigalgs() function, which is called by tls1_set_server_sigalgs(), which in turn is called from ssl3_client_hello(), as the stack trace shows.




StackTrace

The following code points sigptr to NULL and tries to read sigptr->rsign, which is assembled as movzbl eax, byte ptr [0x0+R12]. Note in the register window that R12 is 0x00.

Debugger in the crash point.


radare2 static decompiled


The patch fixes the vulnerability by zeroing the sigalgslen.
Get David A. Ramos' proof of concept exploit here
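The stale-count state and the effect of the fix can be modelled in a few lines of C. This is an added example, not OpenSSL's code and not part of the original post: the structures are simplified stand-ins, and the function names reset_unpatched, reset_patched, process_sigalgs and renegotiate are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins for the fields the post names (not OpenSSL's real layout). */
typedef struct { unsigned char rsign, rhash; } sigalg_t;
typedef struct { sigalg_t *shared_sigalgs; size_t shared_sigalgslen; } cert_t;

/* Pre-patch behaviour as the post describes it: pointer cleared, count left stale. */
static void reset_unpatched(cert_t *c) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
}

/* Patched behaviour: pointer and count are cleared together. */
static void reset_patched(cert_t *c) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
    c->shared_sigalgslen = 0;
}

/* Models the loop in tls1_process_sigalgs(). Returns the number of entries
   read, or -1 at the point where the real code would read sigptr->rhash
   through a NULL pointer. */
static int process_sigalgs(const cert_t *c) {
    const sigalg_t *sigptr = c->shared_sigalgs;
    int seen = 0;
    for (size_t i = 0; i < c->shared_sigalgslen; i++) {
        if (sigptr == NULL)
            return -1;              /* the real code faults here */
        (void)sigptr[i].rhash;      /* the read that is only safe on a valid list */
        seen++;
    }
    return seen;
}

/* Constructed scenario: one shared algorithm from the first handshake, then a
   renegotiation that leaves no shared list behind. */
static int renegotiate(void (*reset)(cert_t *)) {
    cert_t c = { calloc(1, sizeof(sigalg_t)), 1 };
    if (c.shared_sigalgs == NULL)
        return -2;                  /* allocation failure, not the bug */
    reset(&c);
    return process_sigalgs(&c);
}

int main(void) {
    printf("unpatched: %d\n", renegotiate(reset_unpatched));
    printf("patched:   %d\n", renegotiate(reset_patched));
    return 0;
}
```

The invariant worth checking in any similar code is that a non-zero element count never coexists with a NULL list pointer.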




