Sunday, January 21, 2024

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fixes several security issues; one of them allows TLSv1.2-based services to be crashed remotely from the internet.


According to the TLSv1.2 RFC, this version of TLS provides a "signature_algorithms" extension for the client_hello.

Data Structures


If a bad signature is sent after the renegotiation, the structure will be corrupted, because the structure pointer
s->c->shared_sigalgs will be NULL, while the number of algorithms,
s->c->shared_sigalgslen, will not be zeroed.
The stale count is interpreted as one algorithm to process, but the pointer points to address 0x00.


Then tls1_process_sigalgs() will try to process one signature algorithm (because shared_sigalgslen=1): sigptr will point to c->shared_sigalgs (NULL), and the function will then try to dereference sigptr->rhash.


This means a segmentation fault in the tls1_process_sigalgs() function, which is called by tls1_set_server_sigalgs(), which in turn is called from ssl3_client_hello(), as the stack trace shows.




StackTrace

The following code points sigptr to NULL and tries to read sigptr->rsign, which is assembled as movzbl eax, byte ptr [0x0+R12]. Note in the register window that R12 is 0x00.

Debugger in the crash point.


radare2 static decompiled


The patch fixes the vulnerability by zeroing the sigalgslen.
Get David A. Ramos' proof of concept exploit here
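The stale-count condition and the fix described above, reduced to a standalone C model. This is an added example, not OpenSSL's source or code from the original post: the struct layout and the functions `reset_unpatched`, `reset_patched`, `state_consistent`, `process_sigalgs` and `simulate` are hypothetical, and the guard returns -1 at the point where the unguarded loop would fault.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins named after the fields in the post; not OpenSSL's real structs. */
typedef struct { unsigned char rsign, rhash; } sigalg_t;
typedef struct { sigalg_t *shared_sigalgs; size_t shared_sigalgslen; } cert_t;

/* Pre-patch reset: the list is dropped but the count keeps its old value. */
static void reset_unpatched(cert_t *c) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
}

/* Patched reset: pointer and count are cleared together. */
static void reset_patched(cert_t *c) {
    reset_unpatched(c);
    c->shared_sigalgslen = 0;
}

/* Invariant the consumer relies on: a non-zero count implies a non-NULL list. */
static int state_consistent(const cert_t *c) {
    return c->shared_sigalgs != NULL || c->shared_sigalgslen == 0;
}

/* Walks the list like the loop described above. Returns the number of entries
 * read, or -1 where an unguarded loop would dereference NULL (sigptr->rhash). */
static int process_sigalgs(const cert_t *c) {
    int n = 0;
    if (!state_consistent(c)) return -1;
    for (size_t i = 0; i < c->shared_sigalgslen; i++) {
        const sigalg_t *sigptr = &c->shared_sigalgs[i];
        if (sigptr->rhash != 0) n++;
    }
    return n;
}

/* First handshake stores one algorithm (constructed values); the second resets without a new list. */
static int simulate(int patched) {
    cert_t c = { calloc(1, sizeof(sigalg_t)), 1 };
    if (c.shared_sigalgs == NULL) return -2;
    c.shared_sigalgs[0] = (sigalg_t){ 1, 4 };
    if (process_sigalgs(&c) != 1) { free(c.shared_sigalgs); return -3; }
    if (patched) reset_patched(&c); else reset_unpatched(&c);
    return process_sigalgs(&c);
}

int main(void) {
    return printf("unpatched=%d patched=%d\n", simulate(0), simulate(1)) < 0;
}
```

The same invariant (count non-zero only when the pointer is non-NULL) is what a reviewer or a static-analysis rule should look for wherever a buffer and its length are reset on separate lines.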




