Saturday, June 3, 2023

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fixes several security issues; one of them allows TLSv1.2-based services to be crashed remotely from the internet.


According to the TLSv1.2 RFC, this version of TLS provides a "signature_algorithms" extension for the client_hello.

Data Structures


If a bad signature is sent after the renegotiation, the structure is left corrupted, because the structure pointer
s->c->shared_sigalgs will be NULL, while the number of algorithms,
s->c->shared_sigalgslen, will not be zeroed.
This is interpreted as one algorithm to process, but the pointer points to address 0x00.


tls1_process_sigalgs() will then try to process one signature algorithm (because shared_sigalgslen=1): sigptr is set to c->shared_sigalgs (NULL), and the function then tries to dereference sigptr->rhash.


This means a segmentation fault in the tls1_process_sigalgs() function, which is called by tls1_set_server_sigalgs(), which in turn is called from ssl3_client_hello(), as the stack trace shows.




StackTrace

The following code points sigptr to NULL and tries to read sigptr->rsign, which is assembled as movzbl eax, byte ptr [0x0+R12]. Note in the register window that R12 is 0x00.

Debugger in the crash point.


radare2 static decompiled


The patch fixes the vulnerability by zeroing the sigalgslen.
Get David A. Ramos' proof-of-concept exploit here
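The stale-length condition and its fix, as an added example that is not OpenSSL's code or the post's: a simplified C model in which `cert_model`, `sigalg_model`, `reset_stale`, `reset_zeroed`, `process_shared` and `run_case` are hypothetical names and the field values are constructed. The loop checks the pointer/length invariant and reports the inconsistency instead of faulting.

```c
#include <stddef.h>
#include <stdlib.h>

/* Simplified, hypothetical model of the two fields the post names. */
typedef struct { unsigned char rsign, rhash; } sigalg_model;
typedef struct {
    sigalg_model *shared_sigalgs;   /* array of shared algorithms */
    size_t shared_sigalgslen;       /* number of entries in the array */
} cert_model;

/* Pre-patch behaviour as described: pointer dropped, length left stale. */
static void reset_stale(cert_model *c) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
}

/* Patched behaviour as described: the length is zeroed as well. */
static void reset_zeroed(cert_model *c) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
    c->shared_sigalgslen = 0;
}

/* Walks the array like the processing loop, but checks the invariant first.
 * Returns the number of populated entries, or -1 where an unguarded loop
 * would have read through a NULL sigptr. */
static int process_shared(const cert_model *c) {
    if (c->shared_sigalgs == NULL && c->shared_sigalgslen != 0)
        return -1;
    int seen = 0;
    const sigalg_model *sigptr = c->shared_sigalgs;
    for (size_t i = 0; i < c->shared_sigalgslen; i++, sigptr++)
        seen += (sigptr->rhash | sigptr->rsign) != 0;
    return seen;
}

/* Builds a one-entry state, applies the given reset, then processes it. */
static int run_case(void (*reset)(cert_model *)) {
    cert_model c = { calloc(1, sizeof(sigalg_model)), 1 };
    if (c.shared_sigalgs == NULL) return -2;
    c.shared_sigalgs[0].rsign = 1;  /* constructed sample values */
    c.shared_sigalgs[0].rhash = 2;
    reset(&c);
    return process_shared(&c);
}

int main(void) {
    return (run_case(reset_stale) == -1 && run_case(reset_zeroed) == 0) ? 0 : 1;
}
```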




