Thursday, January 18, 2024

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fix several security issues, one of them let crash TLSv1.2 based services remotelly from internet.


Regarding to the TLSv1.2 RFC,  this version of TLS provides a "signature_algorithms" extension for the client_hello. 

Data Structures
If a bad signature is sent after the renegotiation, the structure will be corrupted, becouse structure pointer:
s->c->shared_sigalgs will be NULL, and the number of algorithms:
s->c->shared_sigalgslen will not be zeroed.
Which will be interpreted as one algorithm to process, but the pointer points to 0x00 address. 


Then tls1_process_sigalgs() will try to process one signature algorithm (becouse of shared_sigalgslen=1) then sigptr will be pointer to c->shared_sigalgs (NULL) and then will try to derreference sigptr->rhash. 


This mean a Segmentation Fault in  tls1_process_sigalgs() function, and called by tls1_set_server_sigalgs() with is called from ssl3_client_hello() as the stack trace shows.




StackTrace

The following code, points sigptr to null and try to read sigptr->rsign, which is assembled as movzbl eax,  byte ptr [0x0+R12] note in register window that R12 is 0x00

Debugger in the crash point.


radare2 static decompiled


The patch fix the vulnerability zeroing the sigalgslen.
Get  David A. Ramos' proof of concept exploit here





Related news

  1. Hack Tools For Mac
  2. Hack App
  3. Best Hacking Tools 2020
  4. Wifi Hacker Tools For Windows
  5. Pentest Recon Tools
  6. Pentest Tools Download
  7. Tools 4 Hack
  8. Pentest Tools List
  9. Best Hacking Tools 2020
  10. Pentest Tools For Android
  11. What Is Hacking Tools
  12. New Hacker Tools
  13. Pentest Tools Tcp Port Scanner
  14. Best Hacking Tools 2019
  15. Hacker Security Tools
  16. World No 1 Hacker Software
  17. Hacking Tools For Kali Linux
  18. Hacker Techniques Tools And Incident Handling
  19. Hacking Tools Windows 10
  20. Hacker Tools Apk Download
  21. Hack Tools Github
  22. Hack Tools Github
  23. Hacking Tools And Software
  24. Ethical Hacker Tools
  25. Pentest Tools Linux
  26. Pentest Box Tools Download
  27. Hack Tools Github
  28. Hacker Tools Hardware
  29. Hacker Tools Windows
  30. New Hacker Tools
  31. Hacker Tools Free
  32. Pentest Tools Open Source
  33. Hacking Tools Usb
  34. Hacker Hardware Tools
  35. Hacker Tools Linux
  36. Hacker Tools Apk Download
  37. Pentest Reporting Tools
  38. Ethical Hacker Tools
  39. Nsa Hacker Tools
  40. Hacking Tools Free Download
  41. How To Make Hacking Tools
  42. Hak5 Tools
  43. Hacking Tools Mac
  44. Hack App
  45. Best Hacking Tools 2019
  46. Pentest Tools Android
  47. Hackrf Tools
  48. Hacking Tools Free Download
  49. Hack Tools For Ubuntu
  50. Hack Website Online Tool
  51. Tools Used For Hacking
  52. Github Hacking Tools
  53. Pentest Tools List
  54. Hacker Tools Free Download
  55. Hacker Tools List
  56. Pentest Tools Subdomain
  57. Game Hacking
  58. Hacker Tool Kit
  59. Hacker Tools For Windows
  60. Github Hacking Tools
  61. Hack Tools Github
  62. Hacking Tools For Mac
  63. Hacking Tools
  64. Hack Tools For Games
  65. Hacker Security Tools
  66. Hack Tools Github
  67. Hacking Tools For Kali Linux
  68. Pentest Tools Website
  69. Hack Tool Apk No Root
  70. Pentest Tools For Android
  71. Github Hacking Tools
  72. Hack Tools Download
  73. Pentest Tools Website Vulnerability
  74. Kik Hack Tools
  75. Hack Tools Pc
  76. Hacker Tools Github
  77. Tools Used For Hacking
  78. Game Hacking
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)