Friday, January 19, 2024

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fixes several security issues; one of them allows TLSv1.2-based services to be crashed remotely from the internet.


According to the TLSv1.2 RFC, this version of TLS provides a "signature_algorithms" extension for the client_hello.

Data Structures


If a bad signature is sent after the renegotiation, the structure will be corrupted, because the structure pointer
s->c->shared_sigalgs will be NULL, while the number of algorithms,
s->c->shared_sigalgslen, will not be zeroed.
This will be interpreted as one algorithm to process, but the pointer points to address 0x00.


Then tls1_process_sigalgs() will try to process one signature algorithm (because shared_sigalgslen=1); sigptr will point to c->shared_sigalgs (NULL), and the function will then try to dereference sigptr->rhash.


This means a segmentation fault in the tls1_process_sigalgs() function, which is called by tls1_set_server_sigalgs(), which in turn is called from ssl3_client_hello(), as the stack trace shows.




StackTrace

The following code points sigptr to NULL and tries to read sigptr->rsign, which is assembled as movzbl eax, byte ptr [0x0+R12]. Note in the register window that R12 is 0x00.

Debugger in the crash point.


radare2 static decompiled


The patch fixes the vulnerability by zeroing the sigalgslen.
Get David A. Ramos' proof of concept exploit here
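The stale-length condition described above, and the effect of zeroing the length, as an added example that is not code from the original post or from OpenSSL. It is a simplified C model: sigalg_model, cert_model and all function names are hypothetical, and only the field names shared_sigalgs, shared_sigalgslen, rsign and rhash come from the text. The loop returns -1 at the point where an unchecked loop would dereference NULL, so the program runs to completion.

```c
#include <stdio.h>
#include <stdlib.h>
/* Simplified model, not OpenSSL source; field names follow the post. */
typedef struct { unsigned char rsign, rhash; } sigalg_model;
typedef struct {
    sigalg_model *shared_sigalgs;  /* array of shared algorithms */
    size_t shared_sigalgslen;      /* number of entries in the array */
} cert_model;

/* First handshake: store one shared algorithm (constructed values). */
static int negotiate(cert_model *c) {
    c->shared_sigalgs = malloc(sizeof(sigalg_model));
    if (c->shared_sigalgs == NULL) return -1;
    c->shared_sigalgs[0] = (sigalg_model){ 1, 4 };
    c->shared_sigalgslen = 1;
    return 0;
}

/* Reset before a renegotiation. Unpatched: pointer cleared, count kept.
 * Patched: pointer and count cleared together. */
static void reset_sigalgs(cert_model *c, int patched) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
    if (patched) c->shared_sigalgslen = 0;
}

/* Stand-in for the processing loop: returns entries read, or -1 at the
 * point where an unchecked loop would dereference a NULL sigptr. */
static int process_sigalgs(const cert_model *c) {
    int seen = 0;
    for (size_t i = 0; i < c->shared_sigalgslen; i++) {
        if (c->shared_sigalgs == NULL) return -1;  /* stale count */
        const sigalg_model *sigptr = &c->shared_sigalgs[i];
        if (sigptr->rhash != 0) seen++;
    }
    return seen;
}

/* negotiate -> reset -> process, with no new shared list stored. */
static int renegotiate_with_bad_sigalgs(int patched) {
    cert_model c = { NULL, 0 };
    if (negotiate(&c) != 0) return -2;
    reset_sigalgs(&c, patched);
    return process_sigalgs(&c);
}

int main(void) {
    printf("unpatched: %d, patched: %d\n",
           renegotiate_with_bad_sigalgs(0), renegotiate_with_bad_sigalgs(1));
    return 0;
}
```

The same invariant applies to any pointer and length pair: clear both in the same place, so that no code path can observe a count that outlives its array.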




