Friday, August 28, 2020

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fixes several security issues; one of them allows TLSv1.2-based services to be crashed remotely from the internet.


According to the TLSv1.2 RFC, this version of TLS provides a "signature_algorithms" extension for the client_hello.

Data Structures


If a bad signature is sent after the renegotiation, the structure is left corrupted, because the structure pointer
s->c->shared_sigalgs will be NULL, while the number of algorithms,
s->c->shared_sigalgslen, will not be zeroed.
This is interpreted as one algorithm to process, but the pointer points to address 0x00.


Then tls1_process_sigalgs() will try to process one signature algorithm (because shared_sigalgslen=1): sigptr will point to c->shared_sigalgs (NULL), and the function will then try to dereference sigptr->rhash.


This means a segmentation fault in the tls1_process_sigalgs() function, which is called by tls1_set_server_sigalgs(), which in turn is called from ssl3_client_hello(), as the stack trace shows.




StackTrace

The following code points sigptr to NULL and tries to read sigptr->rsign, which is assembled as movzbl eax, byte ptr [0x0+R12]. Note in the register window that R12 is 0x00.

Debugger in the crash point.


radare2 static decompiled


The patch fixes the vulnerability by zeroing the sigalgslen.
Get David A. Ramos' proof-of-concept exploit here
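
The stale-length state and the fix described above, as an added example that is not OpenSSL source and not code from the original post. It is a simplified C model: `struct cert_model`, `set_shared()`, `process_sigalgs()` and `renegotiate()` are hypothetical names, and the explicit NULL check stands in for the crash.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of the state described above; not OpenSSL source. */
struct sigalg { unsigned char rsign, rhash; };
struct cert_model {
    struct sigalg *shared_sigalgs;   /* negotiated list */
    size_t shared_sigalgslen;        /* number of entries in that list */
};

/* Rebuild the shared list; zero_len selects the patched behaviour. */
static void set_shared(struct cert_model *c, const struct sigalg *offer,
                       size_t n, int zero_len) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
    if (zero_len)
        c->shared_sigalgslen = 0;    /* the fix: count is reset with the pointer */
    if (n == 0 || (c->shared_sigalgs = malloc(n * sizeof(*offer))) == NULL)
        return;                      /* nothing usable: unpatched count stays stale */
    memcpy(c->shared_sigalgs, offer, n * sizeof(*offer));
    c->shared_sigalgslen = n;
}

/* Walk the list; -1 marks where real code reads sigptr->rsign through NULL. */
static int process_sigalgs(const struct cert_model *c) {
    const struct sigalg *sigptr = c->shared_sigalgs;
    size_t i;
    for (i = 0; i < c->shared_sigalgslen; i++, sigptr++) {
        if (c->shared_sigalgs == NULL)
            return -1;               /* model stand-in for the segfault */
        (void)sigptr->rsign;         /* the field the crashing load reads */
    }
    return (int)i;
}

/* First handshake shares one algorithm, the renegotiation shares none. */
static int renegotiate(int patched) {
    const struct sigalg ok = { 1, 2 };   /* constructed sample values */
    struct cert_model c = { NULL, 0 };
    set_shared(&c, &ok, 1, patched);
    set_shared(&c, NULL, 0, patched);
    return process_sigalgs(&c);
}

int main(void) {
    printf("unpatched=%d patched=%d\n", renegotiate(0), renegotiate(1));
    return 0;
}
```

In the unpatched path the count left over from the first handshake drives the loop over a NULL list; with the count zeroed the loop body never runs.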




