Friday, January 26, 2024

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fix several security issues, one of them let crash TLSv1.2 based services remotelly from internet.


Regarding to the TLSv1.2 RFC,  this version of TLS provides a "signature_algorithms" extension for the client_hello. 

Data Structures
If a bad signature is sent after the renegotiation, the structure will be corrupted, becouse structure pointer:
s->c->shared_sigalgs will be NULL, and the number of algorithms:
s->c->shared_sigalgslen will not be zeroed.
Which will be interpreted as one algorithm to process, but the pointer points to 0x00 address. 


Then tls1_process_sigalgs() will try to process one signature algorithm (becouse of shared_sigalgslen=1) then sigptr will be pointer to c->shared_sigalgs (NULL) and then will try to derreference sigptr->rhash. 


This mean a Segmentation Fault in  tls1_process_sigalgs() function, and called by tls1_set_server_sigalgs() with is called from ssl3_client_hello() as the stack trace shows.




StackTrace

The following code, points sigptr to null and try to read sigptr->rsign, which is assembled as movzbl eax,  byte ptr [0x0+R12] note in register window that R12 is 0x00

Debugger in the crash point.


radare2 static decompiled


The patch fix the vulnerability zeroing the sigalgslen.
Get  David A. Ramos' proof of concept exploit here





More information


  1. Hacking Tools Usb
  2. Pentest Recon Tools
  3. Hack Tools For Mac
  4. Hacker Tools For Pc
  5. Nsa Hack Tools
  6. World No 1 Hacker Software
  7. Hack Tools For Windows
  8. Pentest Tools Framework
  9. Pentest Automation Tools
  10. Hacking Tools For Mac
  11. Hacking Tools Usb
  12. Hack And Tools
  13. Hackers Toolbox
  14. Hacking Tools Download
  15. Hacker Tools Mac
  16. Hacking Tools
  17. Hack Tools Github
  18. Pentest Tools Url Fuzzer
  19. Hak5 Tools
  20. Free Pentest Tools For Windows
  21. Blackhat Hacker Tools
  22. World No 1 Hacker Software
  23. Hacker Tools For Pc
  24. Hacking Tools 2019
  25. Hacker
  26. Hak5 Tools
  27. Pentest Tools Tcp Port Scanner
  28. Beginner Hacker Tools
  29. Pentest Tools For Ubuntu
  30. Hacker Tools Hardware
  31. Hacking Tools Software
  32. Hacking Tools Windows 10
  33. Game Hacking
  34. Blackhat Hacker Tools
  35. Hacking Tools Github
  36. Pentest Tools Website
  37. Hacking Tools Pc
  38. Hacking Tools And Software
  39. Hacker Tools Mac
  40. Hacker Techniques Tools And Incident Handling
  41. Best Hacking Tools 2019
  42. Pentest Tools Website
  43. Hacker Hardware Tools
  44. Computer Hacker
  45. New Hacker Tools
  46. Hacker Tools 2019
  47. Hacker Techniques Tools And Incident Handling
  48. Pentest Tools Github
  49. Hacker Tools Apk Download
  50. Nsa Hack Tools
  51. Best Hacking Tools 2020
  52. Pentest Tools Free
  53. How To Make Hacking Tools
  54. Hack Apps
  55. Hacker Tools Apk Download
  56. Pentest Tools Open Source
  57. Pentest Tools Bluekeep
  58. Hack Tools For Windows
  59. Tools Used For Hacking
  60. Hacker Tools Free Download
  61. Beginner Hacker Tools
  62. Pentest Tools Apk
  63. Hack Tools 2019
  64. Tools 4 Hack
  65. Easy Hack Tools
  66. Kik Hack Tools
  67. Pentest Tools Apk
  68. Hacking Tools Online
  69. Hacking Tools Software
  70. Kik Hack Tools
  71. Hacker Hardware Tools
  72. Hack Tools For Ubuntu
  73. Hacker Tools Github
  74. Hacker Tools Online
  75. Nsa Hack Tools Download
  76. Hack Tools Online
  77. Top Pentest Tools
  78. Pentest Tools For Windows
  79. Pentest Tools Linux
  80. Hack Tools Online
  81. Pentest Tools Alternative
  82. Easy Hack Tools
  83. How To Make Hacking Tools
  84. How To Make Hacking Tools
  85. Hacker Tools Github
  86. How To Hack
  87. Pentest Tools Framework
  88. Pentest Recon Tools
  89. Tools 4 Hack
  90. Tools Used For Hacking
  91. Pentest Tools Alternative
  92. Hacker
  93. Pentest Tools Windows
  94. Hacking Tools For Windows 7
  95. Hacking Tools For Kali Linux
  96. Hacker Tools Online
  97. Hak5 Tools
  98. Install Pentest Tools Ubuntu
  99. Pentest Tools For Windows
  100. Hacking Tools For Windows 7
  101. Hacking Tools For Games
  102. Hacker Hardware Tools
  103. Hacking Tools For Windows 7
  104. Nsa Hacker Tools
  105. Black Hat Hacker Tools
  106. Pentest Tools For Android
  107. Game Hacking
  108. Best Pentesting Tools 2018
  109. Hacker Tools 2020
  110. Best Pentesting Tools 2018
  111. Pentest Recon Tools
  112. Hacking Tools Software
  113. Pentest Tools Apk
  114. Nsa Hack Tools
  115. Physical Pentest Tools
  116. Hacking Tools Github
  117. Hacks And Tools
  118. Tools 4 Hack
  119. Kik Hack Tools
  120. Tools Used For Hacking
  121. Hacking Tools For Pc
  122. Hack Tools
  123. Hacking Tools 2019
  124. Hacker Tools List
  125. Pentest Tools Alternative
  126. Hack App
  127. Hacking Tools And Software
  128. Termux Hacking Tools 2019
  129. Pentest Tools Website
  130. Pentest Tools
  131. Hack Tools Github
  132. Easy Hack Tools
  133. Pentest Tools For Mac
  134. Best Pentesting Tools 2018
  135. Pentest Recon Tools
  136. Hak5 Tools
  137. Pentest Tools Website Vulnerability
  138. Hacking Tools Online
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)