Thursday, May 25, 2023

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fixes several security issues; one of them lets an attacker crash TLSv1.2-based services remotely from the internet.


According to the TLSv1.2 RFC, this version of TLS provides a "signature_algorithms" extension for the client_hello.

Data Structures


If a bad signature is sent after the renegotiation, the structure will be corrupted, because the structure pointer
s->c->shared_sigalgs will be NULL, while the number of algorithms,
s->c->shared_sigalgslen, will not be zeroed.
The stale length will be interpreted as one algorithm to process, but the pointer points to address 0x00.


Then tls1_process_sigalgs() will try to process one signature algorithm (because shared_sigalgslen=1): sigptr will point to c->shared_sigalgs (NULL), and the function will then try to dereference sigptr->rhash.


This means a segmentation fault in the tls1_process_sigalgs() function, which is called by tls1_set_server_sigalgs(), which in turn is called from ssl3_client_hello(), as the stack trace shows.




StackTrace

The following code points sigptr to NULL and tries to read sigptr->rsign, which is assembled as movzbl eax,  byte ptr [0x0+R12]. Note in the register window that R12 is 0x00.

Debugger in the crash point.


radare2 static decompiled


The patch fixes the vulnerability by zeroing the sigalgslen.
Get David A. Ramos' proof-of-concept exploit here
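The stale-length condition described above and the effect of zeroing the length, as a simplified C model added here for illustration (it is not OpenSSL's source and not code from the original post). The types sigalg_model and cert_model, the functions set_shared(), process_sigalgs() and renegotiate(), and the early return when no algorithm matches are assumptions of this example; the model returns -1 at the point where the real code would read through the NULL pointer.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins for the fields named in the post (not OpenSSL's types). */
typedef struct { unsigned char rsign, rhash; } sigalg_model;
typedef struct { sigalg_model *shared_sigalgs; size_t shared_sigalgslen; } cert_model;

/* Rebuild the shared list; nmatch = algorithms both sides accept (hypothetical). */
static int set_shared(cert_model *c, size_t nmatch, int patched)
{
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
    if (patched)
        c->shared_sigalgslen = 0;   /* the fix: length is reset with the pointer */
    if (nmatch == 0)
        return 1;                   /* assumed early exit: unpatched length stays stale */
    c->shared_sigalgs = calloc(nmatch, sizeof(sigalg_model));
    if (c->shared_sigalgs == NULL)
        return 0;
    c->shared_sigalgslen = nmatch;
    return 1;
}

/* Walk the list as the post describes. Returns entries visited, or -1 where
 * the real code would read sigptr->rhash through a NULL pointer. */
static int process_sigalgs(const cert_model *c)
{
    int seen = 0;
    for (size_t i = 0; i < c->shared_sigalgslen; i++) {
        if (c->shared_sigalgs == NULL)
            return -1;              /* invariant broken: len > 0 but ptr == NULL */
        const sigalg_model *sigptr = &c->shared_sigalgs[i];
        seen += (sigptr->rhash == 0);   /* calloc'd sample entries are all zero */
    }
    return seen;
}

/* Constructed scenario: first handshake shares one algorithm, renegotiation none. */
static int renegotiate(int patched)
{
    cert_model c = {0};
    set_shared(&c, 1, patched);
    set_shared(&c, 0, patched);
    int r = process_sigalgs(&c);
    free(c.shared_sigalgs);
    return r;
}

int main(void) {
    return printf("unpatched=%d patched=%d\n", renegotiate(0), renegotiate(1)) < 0;
}
```

The invariant worth checking in any code of this shape is that a length field is reset on every path that frees or clears the buffer it describes.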




