Sunday, August 30, 2020

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fixes several security issues; one of them allows TLSv1.2-based services to be crashed remotely from the internet.


According to the TLSv1.2 RFC, this version of TLS provides a "signature_algorithms" extension for the client_hello.

Data Structures


If a bad signature is sent after the renegotiation, the structure will be corrupted, because the structure pointer s->c->shared_sigalgs will be NULL while the number of algorithms, s->c->shared_sigalgslen, will not be zeroed.
This is interpreted as one algorithm to process, but the pointer points to address 0x00.


tls1_process_sigalgs() will then try to process one signature algorithm (because shared_sigalgslen=1): sigptr will point to c->shared_sigalgs (NULL), and the function will try to dereference sigptr->rhash.


This means a segmentation fault in the tls1_process_sigalgs() function, which is called by tls1_set_server_sigalgs(), which in turn is called from ssl3_client_hello(), as the stack trace shows.




StackTrace

The following code points sigptr to NULL and tries to read sigptr->rsign, which is assembled as movzbl eax, byte ptr [0x0+R12]; note in the register window that R12 is 0x00.

Debugger in the crash point.


radare2 static decompiled


The patch fixes the vulnerability by zeroing the sigalgslen.
Get David A. Ramos' proof of concept exploit here
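
A minimal C model of the stale-length state described above and of the fix, added here as an illustration and not taken from OpenSSL or from the original post. The names `cert_t`, `sigalg_t`, `set_shared`, `process_sigalgs` and `renegotiate` are hypothetical, and the early return when no algorithm is shared is an assumption of the model; `process_sigalgs` returns -1 at the point where the real loop would read through the NULL pointer.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of the state described in the post; not OpenSSL source. */
typedef struct { unsigned char rsign, rhash; } sigalg_t;
typedef struct {
    sigalg_t *shared_sigalgs;   /* list of shared algorithms */
    size_t shared_sigalgslen;   /* number of entries in the list */
} cert_t;

/* Rebuild the shared list for a handshake. n is how many algorithms are
 * shared (0 models the bad renegotiation); patched zeroes the length too. */
static int set_shared(cert_t *c, size_t n, int patched) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
    if (patched) c->shared_sigalgslen = 0;  /* the fix: length follows pointer */
    if (n == 0) return 1;                   /* assumed early return: nothing shared */
    c->shared_sigalgs = calloc(n, sizeof(sigalg_t));
    if (c->shared_sigalgs == NULL) return 0;
    c->shared_sigalgslen = n;
    return 1;
}

/* Stand-in for the processing loop: returns entries walked, or -1 where the
 * real loop would read sigptr->rhash through a NULL sigptr. */
static int process_sigalgs(const cert_t *c) {
    int walked = 0;
    for (size_t i = 0; i < c->shared_sigalgslen; i++) {
        if (c->shared_sigalgs == NULL)
            return -1;                      /* stale length, NULL list */
        const sigalg_t *sigptr = &c->shared_sigalgs[i];
        walked += (sigptr->rhash == 0);     /* calloc'd entries read as 0 */
    }
    return walked;
}

/* Initial handshake shares one algorithm, renegotiation shares none. */
static int renegotiate(int patched) {
    cert_t c = { NULL, 0 };
    if (!set_shared(&c, 1, patched) || process_sigalgs(&c) != 1)
        return -2;
    set_shared(&c, 0, patched);
    return process_sigalgs(&c);
}

int main(void) {
    printf("unpatched: %d, patched: %d\n", renegotiate(0), renegotiate(1));
    return 0;
}
```

The invariant to check in review is that a length field is never left non-zero once the pointer it describes has been cleared.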




