Friday, August 21, 2020

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fix several security issues, one of them let crash TLSv1.2 based services remotelly from internet.


Regarding to the TLSv1.2 RFC,  this version of TLS provides a "signature_algorithms" extension for the client_hello. 

Data Structures


If a bad signature is sent after the renegotiation, the structure will be corrupted, becouse structure pointer:
s->c->shared_sigalgs will be NULL, and the number of algorithms:
s->c->shared_sigalgslen will not be zeroed.
Which will be interpreted as one algorithm to process, but the pointer points to 0x00 address. 


Then tls1_process_sigalgs() will try to process one signature algorithm (becouse of shared_sigalgslen=1) then sigptr will be pointer to c->shared_sigalgs (NULL) and then will try to derreference sigptr->rhash. 


This mean a Segmentation Fault in  tls1_process_sigalgs() function, and called by tls1_set_server_sigalgs() with is called from ssl3_client_hello() as the stack trace shows.




StackTrace

The following code, points sigptr to null and try to read sigptr->rsign, which is assembled as movzbl eax,  byte ptr [0x0+R12] note in register window that R12 is 0x00

Debugger in the crash point.


radare2 static decompiled


The patch fix the vulnerability zeroing the sigalgslen.
Get  David A. Ramos' proof of concept exploit here





Related news


  1. Underground Hacker Sites
  2. Hack Website Online Tool
  3. Underground Hacker Sites
  4. Hack Tools For Games
  5. Blackhat Hacker Tools
  6. Pentest Tools Tcp Port Scanner
  7. Black Hat Hacker Tools
  8. Hack Tools For Pc
  9. Pentest Recon Tools
  10. Free Pentest Tools For Windows
  11. Hacker Search Tools
  12. Hack Tools Download
  13. Beginner Hacker Tools
  14. Hacker Tools For Pc
  15. Pentest Tools For Ubuntu
  16. Pentest Tools For Windows
  17. Hacks And Tools
  18. Hacker Tool Kit
  19. Nsa Hack Tools
  20. Hack Apps
  21. Hack Tools For Mac
  22. Nsa Hack Tools
  23. Pentest Tools List
  24. Hacker Tools For Pc
  25. Hacking App
  26. Game Hacking
  27. Hacker Tools Apk Download
  28. Nsa Hack Tools Download
  29. Hacking Tools For Kali Linux
  30. Kik Hack Tools
  31. Nsa Hacker Tools
  32. Pentest Tools Website
  33. Pentest Tools Website
  34. Hacking Tools For Kali Linux
  35. Pentest Box Tools Download
  36. Pentest Reporting Tools
  37. Easy Hack Tools
  38. Hacker Tools 2020
  39. Hack Tools 2019
  40. Pentest Tools Online
  41. Hack Tools Online
  42. Hack Tools
  43. Pentest Automation Tools
  44. Growth Hacker Tools
  45. Wifi Hacker Tools For Windows
  46. Hacking Tools Pc
  47. Pentest Tools For Android
  48. Hacker Tools Github
  49. Hacking Tools For Mac
  50. Pentest Tools Website Vulnerability
  51. Hacker Tools Software
  52. Growth Hacker Tools
  53. Nsa Hacker Tools
  54. Free Pentest Tools For Windows
  55. Hacker Tools Free
  56. Hacker Tools Hardware
  57. Hacking Tools Free Download
  58. Nsa Hack Tools Download
  59. Beginner Hacker Tools
  60. Hack Tools For Mac
  61. Hacker Tools
  62. Pentest Tools Alternative
  63. Hacking Tools Windows
  64. Hacker Tools Github
  65. Hack Tools For Games
  66. Hack App
  67. Pentest Tools For Mac
  68. Termux Hacking Tools 2019
  69. Hacking Tools Software
  70. Hacking Tools Kit
  71. Pentest Tools Download
  72. Hacking Tools Online
  73. Ethical Hacker Tools
  74. Pentest Tools Linux
  75. Hack Tools For Games
  76. Hacking Tools For Games
  77. Pentest Tools Url Fuzzer
  78. Hacker Tools Apk
  79. Hack Tools For Windows
  80. Pentest Tools Alternative
  81. Beginner Hacker Tools
  82. Hacking Tools Download
  83. Hacking Tools Download
  84. How To Make Hacking Tools
  85. Tools For Hacker
  86. Hak5 Tools
  87. Pentest Tools Android
  88. Hack Tools For Mac
  89. Hacking Tools For Beginners
  90. Hacking Tools For Beginners
  91. Hacker Tools Apk
  92. Hacker Tools Online
  93. Wifi Hacker Tools For Windows
  94. Usb Pentest Tools
  95. Pentest Tools Android
  96. Pentest Tools Port Scanner
  97. Pentest Tools Review
  98. Kik Hack Tools
  99. Hacker Tools Software
  100. Easy Hack Tools
  101. Pentest Tools Website Vulnerability
  102. Computer Hacker
  103. What Is Hacking Tools
  104. Hacking Tools Windows 10
  105. Pentest Tools Review
  106. Free Pentest Tools For Windows
  107. Pentest Tools For Android
  108. Pentest Tools Android
  109. Best Pentesting Tools 2018
  110. Termux Hacking Tools 2019
  111. Computer Hacker
  112. Nsa Hack Tools
  113. Hack Tools 2019
  114. Physical Pentest Tools
  115. Hacking Tools
  116. Hack Tools Mac
  117. Usb Pentest Tools
  118. Hacker Tools List
  119. Game Hacking
  120. Hacking Tools Hardware
  121. Beginner Hacker Tools
  122. Hacks And Tools
  123. Hacking Tools Software
  124. Hacking Tools 2020
  125. Android Hack Tools Github
  126. Blackhat Hacker Tools
  127. Computer Hacker
  128. Hack Rom Tools
  129. New Hack Tools
  130. Easy Hack Tools
  131. Pentest Tools Alternative
  132. Pentest Tools
  133. Hack App
  134. Hackers Toolbox
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)