Sunday, June 4, 2023

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fix several security issues, one of them let crash TLSv1.2 based services remotelly from internet.


Regarding to the TLSv1.2 RFC,  this version of TLS provides a "signature_algorithms" extension for the client_hello. 

Data Structures
If a bad signature is sent after the renegotiation, the structure will be corrupted, becouse structure pointer:
s->c->shared_sigalgs will be NULL, and the number of algorithms:
s->c->shared_sigalgslen will not be zeroed.
Which will be interpreted as one algorithm to process, but the pointer points to 0x00 address. 


Then tls1_process_sigalgs() will try to process one signature algorithm (becouse of shared_sigalgslen=1) then sigptr will be pointer to c->shared_sigalgs (NULL) and then will try to derreference sigptr->rhash. 


This mean a Segmentation Fault in  tls1_process_sigalgs() function, and called by tls1_set_server_sigalgs() with is called from ssl3_client_hello() as the stack trace shows.




StackTrace

The following code, points sigptr to null and try to read sigptr->rsign, which is assembled as movzbl eax,  byte ptr [0x0+R12] note in register window that R12 is 0x00

Debugger in the crash point.


radare2 static decompiled


The patch fix the vulnerability zeroing the sigalgslen.
Get  David A. Ramos' proof of concept exploit here





Related word


  1. Hacking Tools 2019
  2. Easy Hack Tools
  3. Hack Tools
  4. Hacking Tools Kit
  5. Computer Hacker
  6. What Is Hacking Tools
  7. Hacking Apps
  8. Install Pentest Tools Ubuntu
  9. Pentest Reporting Tools
  10. Hacking Tools For Kali Linux
  11. Pentest Tools Website Vulnerability
  12. Pentest Tools For Android
  13. Free Pentest Tools For Windows
  14. Pentest Tools Tcp Port Scanner
  15. Hacker Techniques Tools And Incident Handling
  16. Pentest Tools For Windows
  17. Hacker Techniques Tools And Incident Handling
  18. Easy Hack Tools
  19. Hacking Tools And Software
  20. Best Hacking Tools 2019
  21. Hack Tools Online
  22. Hacking Tools For Kali Linux
  23. Hacking Tools And Software
  24. Pentest Tools List
  25. Easy Hack Tools
  26. Hacker Tools Linux
  27. Game Hacking
  28. Hacking Tools Github
  29. Hacker Tools Free
  30. Pentest Tools Subdomain
  31. Pentest Tools List
  32. Pentest Tools Download
  33. Hacking Tools Windows 10
  34. Hacking Tools Windows 10
  35. Hack Tools For Mac
  36. Pentest Reporting Tools
  37. Hacking Tools Name
  38. Hacking Tools For Windows Free Download
  39. Hack Tools
  40. Hacker Tools Hardware
  41. How To Make Hacking Tools
  42. Pentest Automation Tools
  43. Pentest Tools Review
  44. Hacking Tools Name
  45. Pentest Tools Bluekeep
  46. Hack Tools Download
  47. Pentest Recon Tools
  48. Hacker Tools For Pc
  49. Hacking Tools For Beginners
  50. Best Hacking Tools 2020
  51. Physical Pentest Tools
  52. Hacking Tools Windows
  53. Usb Pentest Tools
  54. Tools For Hacker
  55. Easy Hack Tools
  56. Hack Apps
  57. Pentest Tools
  58. Hacking Tools Usb
  59. Hacking Tools Windows 10
  60. Pentest Tools Github
  61. Hacking Tools And Software
  62. Hack Rom Tools
  63. Pentest Tools Review
  64. Hacking Tools For Beginners
  65. Game Hacking
  66. Hack Tools For Mac
  67. Nsa Hack Tools Download
  68. Hacker Tools 2020
  69. Pentest Tools Apk
  70. Hacking Tools 2020
  71. Hacking Tools For Mac
  72. Hacker Tools Software
  73. Pentest Tools Website
  74. Hak5 Tools
  75. Hacking Tools Windows 10
  76. Hacking Tools Hardware
  77. Usb Pentest Tools
  78. Android Hack Tools Github
  79. Hacker
  80. Pentest Reporting Tools
  81. Beginner Hacker Tools
  82. Hacking Tools For Kali Linux
  83. Hacker
  84. Underground Hacker Sites
  85. Hack App
  86. Nsa Hack Tools Download
  87. Hacking Tools For Pc
  88. Hacking Tools Pc
  89. Nsa Hack Tools Download
  90. Termux Hacking Tools 2019
  91. What Is Hacking Tools
  92. Black Hat Hacker Tools
  93. Best Hacking Tools 2019
  94. Hacker Tools Free
  95. Nsa Hacker Tools
  96. Pentest Tools Github
  97. Hacker Tools Software
  98. Install Pentest Tools Ubuntu
  99. Hacker Tools For Ios
  100. Github Hacking Tools
  101. Hack Tools Download
  102. Pentest Tools Open Source
  103. Beginner Hacker Tools
  104. Pentest Tools Review
  105. Hacking Tools Name
  106. Beginner Hacker Tools
  107. Hack Tools
  108. Hacking Tools Windows
  109. Tools For Hacker
  110. Hacking Tools 2020
  111. Hacker Tools Github
  112. Kik Hack Tools
  113. Tools Used For Hacking
  114. Hackrf Tools
  115. Hacking Tools Kit
  116. Hacking Tools For Beginners
  117. Underground Hacker Sites
  118. Pentest Tools Online
  119. Hacking Tools Free Download
  120. Hacking Tools For Mac
  121. Hacking Tools
  122. Hack Tools Mac
  123. Pentest Tools Bluekeep
  124. Hack Tool Apk No Root
  125. Hacker Tools 2019
  126. Pentest Tools For Windows
  127. Hackers Toolbox
  128. Hack App
  129. Pentest Tools Github
  130. Tools For Hacker
  131. Pentest Automation Tools
  132. Hacker Tools Github
  133. Hacking Tools Download
  134. Hacker Tools For Ios
  135. Hacker Tools For Ios
  136. Hacker Tools Github
  137. Nsa Hack Tools Download
  138. Pentest Tools Port Scanner
  139. Pentest Tools Tcp Port Scanner
  140. Hacking Tools For Beginners
  141. Underground Hacker Sites
  142. Hacking Tools For Windows Free Download
  143. Tools 4 Hack
  144. Physical Pentest Tools
  145. Hacking Tools For Windows Free Download
  146. Pentest Box Tools Download
  147. How To Install Pentest Tools In Ubuntu
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Blog Archive

About Me

My photo
Mightier than the sword, my pen is.