22 August 2020

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fix several security issues, one of them let crash TLSv1.2 based services remotelly from internet.


Regarding to the TLSv1.2 RFC,  this version of TLS provides a "signature_algorithms" extension for the client_hello. 

Data Structures


If a bad signature is sent after the renegotiation, the structure will be corrupted, becouse structure pointer:
s->c->shared_sigalgs will be NULL, and the number of algorithms:
s->c->shared_sigalgslen will not be zeroed.
Which will be interpreted as one algorithm to process, but the pointer points to 0x00 address. 


Then tls1_process_sigalgs() will try to process one signature algorithm (becouse of shared_sigalgslen=1) then sigptr will be pointer to c->shared_sigalgs (NULL) and then will try to derreference sigptr->rhash. 


This mean a Segmentation Fault in  tls1_process_sigalgs() function, and called by tls1_set_server_sigalgs() with is called from ssl3_client_hello() as the stack trace shows.




StackTrace

The following code, points sigptr to null and try to read sigptr->rsign, which is assembled as movzbl eax,  byte ptr [0x0+R12] note in register window that R12 is 0x00

Debugger in the crash point.


radare2 static decompiled


The patch fix the vulnerability zeroing the sigalgslen.
Get  David A. Ramos' proof of concept exploit here





Related posts
  1. Hacker Tools Free
  2. Hacker Tool Kit
  3. Hacker Tools
  4. Hak5 Tools
  5. Nsa Hack Tools Download
  6. World No 1 Hacker Software
  7. Hacker Search Tools
  8. Hacking Tools For Mac
  9. Hacker Techniques Tools And Incident Handling
  10. What Is Hacking Tools
  11. Hacking Tools For Pc
  12. Best Hacking Tools 2019
  13. Hacker Tools Windows
  14. Pentest Tools Online
  15. Pentest Tools Framework
  16. Pentest Tools Kali Linux
  17. Hacker Tools Online
  18. Pentest Recon Tools
  19. Hack Tools For Mac
  20. Usb Pentest Tools
  21. Hack Tools
  22. Hack App
  23. Pentest Tools Bluekeep
  24. Hack Tools For Games
  25. Hacking Tools For Windows 7
  26. Nsa Hack Tools Download
  27. Tools Used For Hacking
  28. Hacker Tools Apk
  29. Hacking Apps
  30. Hacker Tools For Mac
  31. Hack Tools For Pc
  32. Hacker Tool Kit
  33. Hack Rom Tools
  34. Blackhat Hacker Tools
  35. Pentest Tools Open Source
  36. Hacker Tools Apk
  37. Hak5 Tools
  38. Hack Tools For Ubuntu
  39. Pentest Tools Website Vulnerability
  40. Pentest Automation Tools
  41. Tools For Hacker
  42. Hacking Tools For Windows Free Download
  43. Hacker Tools Free
  44. Hacking Tools For Games
  45. Kik Hack Tools
  46. Hacker Tools Apk Download
  47. Pentest Tools Android
  48. Hack Tools For Ubuntu
  49. Pentest Tools Framework
  50. Pentest Tools Free
  51. Bluetooth Hacking Tools Kali
  52. Pentest Tools Alternative
  53. Hacking Tools Download
  54. Pentest Tools Github
  55. Pentest Tools Review
  56. Hacking Tools Online
  57. Hacking Tools For Windows
  58. Pentest Recon Tools
  59. Hacker Tools For Ios
  60. Kik Hack Tools
  61. Pentest Tools Linux
  62. Hack Tools For Ubuntu
  63. Hacker Tools Free Download
  64. Pentest Tools Url Fuzzer
  65. Hacking Tools Hardware
  66. Pentest Tools For Mac
  67. Hacker Tools
  68. Hackers Toolbox
  69. Hacker Tools Apk
  70. Black Hat Hacker Tools
  71. Hacking Tools Name
  72. Hacking Tools For Beginners
  73. Physical Pentest Tools
  74. Hack Tool Apk
  75. Pentest Tools Free
  76. Hacking Tools Hardware
  77. Hack Tools For Games
  78. Hack Tools Online
  79. Tools 4 Hack
  80. Pentest Recon Tools
  81. Hacker Tools For Pc
  82. Pentest Tools Tcp Port Scanner
  83. Hacks And Tools
  84. Hacking Tools Mac
  85. Hacker Tools Github
  86. Hacking Tools For Kali Linux
  87. How To Hack
  88. Hack Tools Mac
  89. How To Make Hacking Tools
  90. Hack Tool Apk
  91. Hacking Tools Github
  92. Hacker Tools List
  93. Beginner Hacker Tools
  94. Hacker Tools For Pc
  95. Blackhat Hacker Tools
  96. Beginner Hacker Tools
  97. Pentest Tools Apk
  98. Pentest Tools Website
  99. Hack Tools Mac
  100. Pentest Tools Nmap
  101. Tools Used For Hacking
  102. Hak5 Tools
  103. Growth Hacker Tools
  104. Termux Hacking Tools 2019
  105. What Is Hacking Tools
  106. Pentest Tools Bluekeep
  107. Hacking Tools For Windows 7
  108. Hacker Tools Software
  109. Pentest Tools Subdomain
  110. Underground Hacker Sites
  111. Hacker Tools Github
  112. Hack Tools Mac
  113. Top Pentest Tools
  114. Hack Tools For Ubuntu
  115. Hacks And Tools
  116. Hacker Tool Kit
  117. Pentest Recon Tools
  118. Hacker Tools For Pc
  119. Free Pentest Tools For Windows
  120. Hacking Tools Mac
  121. Hacking Tools Windows 10
  122. What Is Hacking Tools
  123. Hack Apps
  124. Hacking Apps
  125. How To Make Hacking Tools
  126. Pentest Tools Bluekeep
  127. Wifi Hacker Tools For Windows
  128. Hack Tools For Mac
  129. Pentest Tools Alternative
  130. Pentest Reporting Tools
  131. Hacker Hardware Tools
  132. Hacking Tools For Windows
  133. Hackrf Tools
  134. Tools 4 Hack
  135. How To Install Pentest Tools In Ubuntu
  136. Nsa Hack Tools Download
  137. Hacker Tools Windows
  138. Hacking Tools For Beginners
  139. Ethical Hacker Tools
  140. Hacker Search Tools
  141. Pentest Reporting Tools
  142. Pentest Tools Tcp Port Scanner
  143. Hackers Toolbox
  144. Hacking Tools 2019
  145. Nsa Hack Tools
  146. Hacking Apps
  147. Pentest Tools Alternative
  148. Pentest Tools Alternative
  149. Hacking Tools For Kali Linux

No comments:

Post a Comment