Saturday, 22 August 2020

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fix several security issues, one of them let crash TLSv1.2 based services remotelly from internet.


Regarding to the TLSv1.2 RFC,  this version of TLS provides a "signature_algorithms" extension for the client_hello. 

Data Structures


If a bad signature is sent after the renegotiation, the structure will be corrupted, becouse structure pointer:
s->c->shared_sigalgs will be NULL, and the number of algorithms:
s->c->shared_sigalgslen will not be zeroed.
Which will be interpreted as one algorithm to process, but the pointer points to 0x00 address. 


Then tls1_process_sigalgs() will try to process one signature algorithm (becouse of shared_sigalgslen=1) then sigptr will be pointer to c->shared_sigalgs (NULL) and then will try to derreference sigptr->rhash. 


This mean a Segmentation Fault in  tls1_process_sigalgs() function, and called by tls1_set_server_sigalgs() with is called from ssl3_client_hello() as the stack trace shows.




StackTrace

The following code, points sigptr to null and try to read sigptr->rsign, which is assembled as movzbl eax,  byte ptr [0x0+R12] note in register window that R12 is 0x00

Debugger in the crash point.


radare2 static decompiled


The patch fix the vulnerability zeroing the sigalgslen.
Get  David A. Ramos' proof of concept exploit here





Related news
  1. Pentest Tools For Android
  2. Hack Apps
  3. Pentest Tools Free
  4. Pentest Tools Free
  5. Physical Pentest Tools
  6. Hacker Tools Hardware
  7. Hacking Tools For Pc
  8. Underground Hacker Sites
  9. Nsa Hack Tools
  10. Hacking App
  11. Hacking Tools Usb
  12. Pentest Tools Port Scanner
  13. Hacker Tools Apk Download
  14. Pentest Tools For Mac
  15. Hacking Tools Usb
  16. Hacking Tools Software
  17. Computer Hacker
  18. Computer Hacker
  19. Hacking Tools 2019
  20. Hacking Tools 2020
  21. Hacking Tools Mac
  22. Hack Tools
  23. Bluetooth Hacking Tools Kali
  24. Hack Tools Download
  25. Pentest Tools Alternative
  26. Hacker Techniques Tools And Incident Handling
  27. Hacking Tools Github
  28. Free Pentest Tools For Windows
  29. Pentest Tools Download
  30. Install Pentest Tools Ubuntu
  31. Hacker Security Tools
  32. Hack Tools Github
  33. How To Make Hacking Tools
  34. Hack Tools Mac
  35. Hackers Toolbox
  36. Pentest Tools Github
  37. Hacking Tools And Software
  38. Hacking Tools For Windows Free Download
  39. Hackrf Tools
  40. New Hacker Tools
  41. Growth Hacker Tools
  42. Pentest Tools Free
  43. Pentest Tools List
  44. What Are Hacking Tools
  45. Hacking Tools Windows
  46. Hacker Tools 2019
  47. Hacking Tools Name
  48. Hacker Tools Mac
  49. Hacking Tools For Beginners
  50. Hacker Tool Kit
  51. Hack And Tools
  52. How To Make Hacking Tools
  53. Hacker
  54. Hacker Tools For Pc
  55. Hack Tools For Mac
  56. Hacker Tools For Mac
  57. Pentest Tools Port Scanner
  58. Pentest Tools Website Vulnerability
  59. World No 1 Hacker Software
  60. How To Install Pentest Tools In Ubuntu
  61. Hacker Tools Apk Download
  62. Pentest Tools For Mac
  63. Hacking Tools Usb
  64. Hacking Tools Pc
  65. Hacker Tools Online
  66. Hacker
  67. World No 1 Hacker Software
  68. Tools For Hacker
  69. Nsa Hacker Tools
  70. Game Hacking
  71. Hacking Tools For Mac
  72. Hack Tool Apk No Root
  73. Hacker Tools For Ios
  74. Pentest Tools Windows
  75. Easy Hack Tools
  76. Pentest Tools For Mac
  77. Pentest Tools Github
  78. Hack Tools
  79. Pentest Tools Url Fuzzer
  80. Hacker Tools List
  81. Hack Tools
  82. Tools 4 Hack
  83. Hacker Tools Apk
  84. Hacking Tools For Games
  85. Hacker Tools Free Download
  86. What Is Hacking Tools
  87. Pentest Box Tools Download
  88. Wifi Hacker Tools For Windows
  89. Pentest Tools Find Subdomains
  90. Termux Hacking Tools 2019
  91. Hacking Tools Download
  92. Hacker Tools Online
  93. Top Pentest Tools
  94. Hacker Tools 2020
  95. Hacking Tools Windows 10
  96. Computer Hacker
  97. Hacking Apps
  98. Hacking Tools Name
  99. Hackrf Tools
  100. Pentest Tools Github
  101. Pentest Tools Online
  102. Android Hack Tools Github
  103. Pentest Tools Url Fuzzer
  104. World No 1 Hacker Software
  105. Pentest Tools Bluekeep
  106. Underground Hacker Sites
  107. Github Hacking Tools
  108. Hacker Tools Software
  109. Hacker Tools List
  110. Hacker Tools Free
  111. Wifi Hacker Tools For Windows
  112. Hacking Tools Kit
  113. Hacker Tools For Pc
  114. Hack Tools Github
  115. Kik Hack Tools
  116. Top Pentest Tools
  117. Pentest Tools Android
  118. Hack Tools Download
  119. Hacking Tools Windows 10
  120. Pentest Tools Tcp Port Scanner
  121. How To Install Pentest Tools In Ubuntu
  122. Hacking Tools Name
  123. Termux Hacking Tools 2019
  124. Hack Tool Apk No Root
  125. Hacking Tools 2020
  126. Physical Pentest Tools
  127. Hacker Tools Linux
  128. Nsa Hack Tools
  129. How To Hack
  130. Android Hack Tools Github
  131. Hack Tools For Pc
  132. Hack Tools
  133. Hack Tools For Games
  134. Top Pentest Tools
  135. Black Hat Hacker Tools
  136. Hacking Tools For Pc
  137. Pentest Box Tools Download
  138. Pentest Reporting Tools
  139. Hacker Tools For Windows
  140. Hacking Tools Mac
  141. Pentest Box Tools Download
  142. Pentest Reporting Tools
  143. Hacker Tools
  144. Pentest Tools Linux
  145. Pentest Tools
  146. Underground Hacker Sites
  147. Hacking Tools For Windows
  148. Hacker Tools Software
  149. Hackers Toolbox

No comments:

Post a Comment