Saturday, August 29, 2020

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fixes several security issues; one of them lets a remote attacker crash TLSv1.2-based services over the internet.


According to the TLSv1.2 RFC, this version of TLS provides a "signature_algorithms" extension for the client_hello.

Data Structures


If a bad signature is sent after the renegotiation, the structure will be corrupted, because the structure pointer
s->c->shared_sigalgs will be NULL, and the number of algorithms
s->c->shared_sigalgslen will not be zeroed.
This will be interpreted as one algorithm to process, but the pointer points to address 0x00.


Then tls1_process_sigalgs() will try to process one signature algorithm (because shared_sigalgslen=1): sigptr will be set to c->shared_sigalgs (NULL), and the function will then try to dereference sigptr->rhash.


This means a segmentation fault in the tls1_process_sigalgs() function, which is called by tls1_set_server_sigalgs(), which in turn is called from ssl3_client_hello(), as the stack trace shows.




StackTrace

The following code points sigptr to NULL and tries to read sigptr->rsign, which is assembled as movzbl eax, byte ptr [0x0+R12]; note in the register window that R12 is 0x00.

Debugger in the crash point.


radare2 static decompiled


The patch fixes the vulnerability by zeroing the sigalgslen.
Get David A. Ramos' proof of concept exploit here
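An added example, not code from the original post or from OpenSSL: a simplified C model of the stale-length state described above, next to the reset that also zeroes the length. The struct layout, helper names and sample values are assumptions, and the loop returns -1 at the point where the real code would dereference NULL.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins for the OpenSSL structures; not the real definitions. */
typedef struct { unsigned char rsign, rhash; } sigalg_t;
typedef struct {
    sigalg_t *shared_sigalgs;     /* list negotiated with the client */
    size_t    shared_sigalgslen;  /* number of entries in that list  */
} cert_t;

/* Pre-patch reset as the post describes it: pointer cleared, length left stale. */
static void reset_vulnerable(cert_t *c) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
}

/* Patched reset: the length is zeroed together with the pointer. */
static void reset_patched(cert_t *c) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
    c->shared_sigalgslen = 0;
}

/* Same loop shape as the processing step; returns -1 where the real code
 * would read sigptr->rhash through a NULL pointer. */
static int process_sigalgs(const cert_t *c) {
    const sigalg_t *sigptr = c->shared_sigalgs;
    int processed = 0;
    for (size_t i = 0; i < c->shared_sigalgslen; i++, sigptr++) {
        if (sigptr == NULL) return -1;
        if (sigptr->rhash != 0) processed++;
    }
    return processed;
}

/* First handshake installs one entry; the renegotiation resets the list,
 * installs nothing new, and the list is processed again. */
static int run_scenario(void (*reset)(cert_t *)) {
    cert_t c = { calloc(1, sizeof(sigalg_t)), 1 };
    if (c.shared_sigalgs == NULL) return -2;
    c.shared_sigalgs[0].rsign = 1;  /* constructed sample values */
    c.shared_sigalgs[0].rhash = 4;
    reset(&c);
    return process_sigalgs(&c);
}

int main(void) {
    printf("pre-patch: %d, patched: %d\n",
           run_scenario(reset_vulnerable), run_scenario(reset_patched));
    return 0;
}
```

The pre-patch path reports the inconsistent pointer/length pair, while the patched path simply finds no algorithms to process.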




