Wednesday, January 24, 2024

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fixes several security issues; one of them allows TLSv1.2-based services to be crashed remotely from the internet.


According to the TLSv1.2 RFC, this version of TLS provides a "signature_algorithms" extension for the client_hello.

Data Structures


If a bad signature is sent after the renegotiation, the structure will be corrupted, because the structure pointer s->c->shared_sigalgs will be NULL, and the number of algorithms s->c->shared_sigalgslen will not be zeroed.
This will be interpreted as one algorithm to process, but the pointer points to address 0x00.


Then tls1_process_sigalgs() will try to process one signature algorithm (because shared_sigalgslen=1); sigptr will point to c->shared_sigalgs (NULL), and the function will then try to dereference sigptr->rhash.


This means a segmentation fault in the tls1_process_sigalgs() function, which is called by tls1_set_server_sigalgs(), which in turn is called from ssl3_client_hello(), as the stack trace shows.




StackTrace

The following code points sigptr to NULL and tries to read sigptr->rsign, which is assembled as movzbl eax, byte ptr [0x0+R12]; note in the register window that R12 is 0x00.

Debugger in the crash point.


radare2 static decompiled


The patch fixes the vulnerability by zeroing sigalgslen.
Get David A. Ramos' proof of concept exploit here
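The stale-count condition and the fix described above, modelled in C. This is an added example, not OpenSSL's code or the author's: the types `sigalg_t` and `cert_state_t` and the functions `negotiate_one`, `reset_sigalgs` and `process_sigalgs` are hypothetical simplifications, and the field values are constructed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of the state described above; not OpenSSL's real types. */
typedef struct { unsigned char rsign, rhash; } sigalg_t;
typedef struct {
    sigalg_t *shared_sigalgs;    /* negotiated algorithm list */
    size_t    shared_sigalgslen; /* number of entries in that list */
} cert_state_t;

/* First handshake: one shared algorithm is stored (constructed values). */
int negotiate_one(cert_state_t *c) {
    c->shared_sigalgs = malloc(sizeof(sigalg_t));
    if (c->shared_sigalgs == NULL) return -1;
    c->shared_sigalgs[0].rsign = 1;
    c->shared_sigalgs[0].rhash = 4;
    c->shared_sigalgslen = 1;
    return 0;
}

/* Reset on renegotiation. zero_len == 0 models the pre-patch behaviour the
 * page describes (pointer cleared, count kept); zero_len != 0 models the fix. */
void reset_sigalgs(cert_state_t *c, int zero_len) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
    if (zero_len) c->shared_sigalgslen = 0;
}

/* Walks the list like the processing loop, but checks the pointer/count
 * invariant first: -1 means the stale state (NULL list, non-zero count). */
int process_sigalgs(const cert_state_t *c) {
    int n = 0;
    if (c->shared_sigalgs == NULL && c->shared_sigalgslen != 0) return -1;
    for (size_t i = 0; i < c->shared_sigalgslen; i++) {
        const sigalg_t *sigptr = &c->shared_sigalgs[i];
        if (sigptr->rhash != 0 && sigptr->rsign != 0) n++;
    }
    return n;
}

int main(void) {
    cert_state_t old = {0}, fixed = {0};
    if (negotiate_one(&old) != 0 || negotiate_one(&fixed) != 0) return 1;
    reset_sigalgs(&old, 0);
    reset_sigalgs(&fixed, 1);
    printf("unpatched: len=%zu result=%d\n", old.shared_sigalgslen, process_sigalgs(&old));
    printf("patched:   len=%zu result=%d\n", fixed.shared_sigalgslen, process_sigalgs(&fixed));
    return 0;
}
```

Without the invariant check in `process_sigalgs`, the unpatched state would enter the loop once and read through a NULL `sigptr`, which is the crash shown in the stack trace.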




