Sunday, 23 August 2020

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fixes several security issues; one of them allows TLSv1.2-based services to be crashed remotely from the internet.


According to the TLSv1.2 RFC, this version of TLS provides a "signature_algorithms" extension for the client_hello.

Data Structures


If a bad signature is sent after the renegotiation, the structure will be corrupted, because the structure pointer
s->c->shared_sigalgs will be NULL, while the number of algorithms,
s->c->shared_sigalgslen, will not be zeroed.
This will be interpreted as one algorithm to process, but the pointer points to address 0x00.


Then tls1_process_sigalgs() will try to process one signature algorithm (because shared_sigalgslen=1), so sigptr will point to c->shared_sigalgs (NULL), and the function will then try to dereference sigptr->rhash.


This means a segmentation fault in the tls1_process_sigalgs() function, which is called by tls1_set_server_sigalgs(), which in turn is called from ssl3_client_hello(), as the stack trace shows.




StackTrace

The following code points sigptr to NULL and tries to read sigptr->rsign, which is assembled as movzbl eax, byte ptr [0x0+R12]. Note in the register window that R12 is 0x00.

Debugger at the crash point.


radare2 static decompiled


The patch fixes the vulnerability by zeroing the sigalgslen.
Get David A. Ramos' proof of concept exploit here
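The stale-length condition and the effect of the patch, as an added example that is not part of the original post and is not OpenSSL source. It is a simplified C model: `sigalg_model`, `cert_model`, `reset_vulnerable`, `reset_fixed`, `process_sigalgs` and `run` are hypothetical names, and the NULL check in the consumer stands in for the point where the real code dereferences the pointer.

```c
/* Simplified model of the stale-length bug; hypothetical names, NOT OpenSSL source. */
#include <stdio.h>
#include <stdlib.h>

typedef struct { unsigned char rsign, rhash; } sigalg_model;

typedef struct {
    sigalg_model *shared_sigalgs;   /* array of negotiated algorithms */
    size_t shared_sigalgslen;       /* number of entries in the array */
} cert_model;

/* Pre-patch behaviour: the array is released, the count is left stale. */
static void reset_vulnerable(cert_model *c) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
}

/* Patched behaviour: pointer and count are reset together. */
static void reset_fixed(cert_model *c) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
    c->shared_sigalgslen = 0;
}

/* Consumer loop in the style of tls1_process_sigalgs(). Returns the entries
 * read, or -1 where unguarded code would read through a NULL sigptr. */
static int process_sigalgs(const cert_model *c) {
    const sigalg_model *sigptr = c->shared_sigalgs;
    int seen = 0;
    for (size_t i = 0; i < c->shared_sigalgslen; i++, sigptr++) {
        if (c->shared_sigalgs == NULL)
            return -1;              /* inconsistent state: len > 0, ptr NULL */
        seen += (sigptr->rhash != 0);
    }
    return seen;
}

/* Build a cert with one shared algorithm, apply a reset, then process. */
static int run(void (*reset)(cert_model *)) {
    cert_model c = { calloc(1, sizeof(sigalg_model)), 1 };
    if (c.shared_sigalgs == NULL) return -2;
    c.shared_sigalgs[0].rhash = 4;  /* constructed sample value */
    reset(&c);                      /* models the failed renegotiation */
    return process_sigalgs(&c);
}

int main(void) {
    printf("vulnerable=%d fixed=%d\n", run(reset_vulnerable), run(reset_fixed));
}
```

With the stale count the consumer reaches the NULL pointer on its first iteration; with the count zeroed the loop body never runs.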




