Thursday, January 25, 2024

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fixes several security issues; one of them lets an attacker crash TLSv1.2-based services remotely from the internet.


According to the TLSv1.2 RFC, this version of TLS provides a "signature_algorithms" extension for the client_hello.

Data Structures


If a bad signature is sent after the renegotiation, the structure will be corrupted, because the structure pointer
s->c->shared_sigalgs will be NULL, while the number of algorithms
s->c->shared_sigalgslen will not be zeroed.
This will be interpreted as one algorithm to process, but the pointer points to address 0x00.


tls1_process_sigalgs() will then try to process one signature algorithm (because shared_sigalgslen=1), so sigptr will be a pointer to c->shared_sigalgs (NULL), and the function will try to dereference sigptr->rhash.


This means a segmentation fault in the tls1_process_sigalgs() function, which is called by tls1_set_server_sigalgs(), which in turn is called from ssl3_client_hello(), as the stack trace shows.




StackTrace

The following code points sigptr to NULL and tries to read sigptr->rsign, which is assembled as movzbl eax, byte ptr [0x0+R12]. Note in the register window that R12 is 0x00.

Debugger at the crash point.


radare2 static decompilation


The patch fixes the vulnerability by zeroing the sigalgslen.
Get David A. Ramos' proof of concept exploit here
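The stale-length condition and the effect of the patch can be reproduced in a small model. This is an added example, not OpenSSL's code: the struct layout, the function names other than the field names quoted above, and the sample values are assumptions, and the consumer returns -1 at the point where the unguarded original would dereference NULL.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins for the fields named above; not OpenSSL's real layout. */
typedef struct { unsigned char rsign, rhash; } sigalg_t;
typedef struct { sigalg_t *shared_sigalgs; size_t shared_sigalgslen; } cert_t;

/* Pre-patch reset: the array is freed and the pointer cleared,
 * but the old element count survives. */
static void reset_vulnerable(cert_t *c) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
}

/* Patched reset: the count is zeroed together with the pointer. */
static void reset_patched(cert_t *c) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
    c->shared_sigalgslen = 0;
}

/* Consumer loop. Returns the number of entries walked, or -1 where the
 * unguarded original would have read sigptr->rhash through a NULL pointer. */
static int process_sigalgs(const cert_t *c) {
    if (c->shared_sigalgslen > 0 && c->shared_sigalgs == NULL)
        return -1;
    int walked = 0;
    for (size_t i = 0; i < c->shared_sigalgslen; i++)
        walked += (c->shared_sigalgs[i].rhash != 0);
    return walked;
}

/* First handshake shares one algorithm; the renegotiation shares none,
 * so the reset runs and nothing is allocated afterwards (assumed flow). */
static int renegotiate(void (*reset)(cert_t *)) {
    cert_t c = { calloc(1, sizeof(sigalg_t)), 1 };
    if (c.shared_sigalgs == NULL) return -2;
    c.shared_sigalgs[0].rhash = 4;   /* constructed sample values */
    c.shared_sigalgs[0].rsign = 1;
    if (process_sigalgs(&c) != 1) { free(c.shared_sigalgs); return -2; }
    reset(&c);
    return process_sigalgs(&c);
}

int main(void) {
    printf("vulnerable reset: %d\n", renegotiate(reset_vulnerable));
    printf("patched reset:    %d\n", renegotiate(reset_patched));
    return 0;
}
```

With the pre-patch reset the second pass sees a count of 1 and a NULL array; with the patched reset the loop body never runs.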




