Tuesday, August 25, 2020

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fix several security issues, one of them let crash TLSv1.2 based services remotelly from internet.


Regarding to the TLSv1.2 RFC,  this version of TLS provides a "signature_algorithms" extension for the client_hello. 

Data Structures


If a bad signature is sent after the renegotiation, the structure will be corrupted, becouse structure pointer:
s->c->shared_sigalgs will be NULL, and the number of algorithms:
s->c->shared_sigalgslen will not be zeroed.
Which will be interpreted as one algorithm to process, but the pointer points to 0x00 address. 


Then tls1_process_sigalgs() will try to process one signature algorithm (becouse of shared_sigalgslen=1) then sigptr will be pointer to c->shared_sigalgs (NULL) and then will try to derreference sigptr->rhash. 


This mean a Segmentation Fault in  tls1_process_sigalgs() function, and called by tls1_set_server_sigalgs() with is called from ssl3_client_hello() as the stack trace shows.




StackTrace

The following code, points sigptr to null and try to read sigptr->rsign, which is assembled as movzbl eax,  byte ptr [0x0+R12] note in register window that R12 is 0x00

Debugger in the crash point.


radare2 static decompiled


The patch fix the vulnerability zeroing the sigalgslen.
Get  David A. Ramos' proof of concept exploit here





Related posts


  1. Hacker Security Tools
  2. Hacking Tools For Mac
  3. Pentest Tools Android
  4. Hacker Tool Kit
  5. Pentest Tools Framework
  6. Hack Tools For Mac
  7. Hacking Tools For Pc
  8. Hacker Security Tools
  9. Nsa Hacker Tools
  10. Hack Tools
  11. Hacker Search Tools
  12. Pentest Reporting Tools
  13. Pentest Tools Bluekeep
  14. Pentest Tools Nmap
  15. Usb Pentest Tools
  16. Hacker Tools Windows
  17. Hack Tools 2019
  18. Hacking Tools
  19. Hacking Tools And Software
  20. Pentest Tools Website Vulnerability
  21. Hack Tools Github
  22. Ethical Hacker Tools
  23. Hacking Tools Download
  24. World No 1 Hacker Software
  25. Hacking Tools Mac
  26. Hack Tools Mac
  27. Hacking Tools Usb
  28. Pentest Tools Kali Linux
  29. Pentest Tools Find Subdomains
  30. Pentest Tools Apk
  31. Hacker Tools Free Download
  32. Pentest Reporting Tools
  33. Hacking Tools 2019
  34. Best Hacking Tools 2019
  35. Hack Tools Mac
  36. Pentest Tools Subdomain
  37. Tools Used For Hacking
  38. Hacking Tools For Windows 7
  39. Hacking Tools Usb
  40. How To Make Hacking Tools
  41. Free Pentest Tools For Windows
  42. Nsa Hack Tools Download
  43. Hacking Apps
  44. Hacker Tools Windows
  45. What Is Hacking Tools
  46. Hack Tools For Windows
  47. Hacking Tools For Windows
  48. Hack Tools Pc
  49. Pentest Tools Kali Linux
  50. Hacker Tools Github
  51. Hacking Tools Free Download
  52. New Hack Tools
  53. Hacking Tools Windows
  54. Hacking Tools For Windows 7
  55. Hacker Tools For Pc
  56. Hacker Hardware Tools
  57. Hacker Tools Free
  58. Hacking Tools Download
  59. Hacker Security Tools
  60. Hackrf Tools
  61. Hacking App
  62. Hacking Tools
  63. Hacker Tools For Windows
  64. Hack Tools Online
  65. Termux Hacking Tools 2019
  66. Pentest Tools Port Scanner
  67. Hack Tools Online
  68. Pentest Tools Linux
  69. Hacking Tools Pc
  70. Wifi Hacker Tools For Windows
  71. Hacking Tools Kit
  72. How To Install Pentest Tools In Ubuntu
  73. Hacker Security Tools
  74. Termux Hacking Tools 2019
  75. New Hacker Tools
  76. Pentest Tools Download
  77. Tools 4 Hack
  78. Hacking Tools For Pc
  79. Best Hacking Tools 2020
  80. Hacker Tools 2020
  81. Top Pentest Tools
  82. Pentest Tools Url Fuzzer
  83. Hacking Tools For Windows
  84. Hack Tools Github
  85. Hacking App
  86. How To Make Hacking Tools
  87. Best Hacking Tools 2019
  88. Hacker Hardware Tools
  89. Pentest Tools Framework
  90. Hack Tools
  91. Hacker Security Tools
  92. Pentest Tools For Windows
  93. Hacker Tools Github
  94. Android Hack Tools Github
  95. Nsa Hack Tools Download
  96. Pentest Tools Free
  97. Hacker Tools Online
  98. Pentest Recon Tools
  99. Wifi Hacker Tools For Windows
  100. Hack Tools For Ubuntu
  101. Hacker Tools Free Download
  102. Hacker Tools For Mac
  103. Github Hacking Tools
  104. Pentest Tools
  105. Black Hat Hacker Tools
  106. Hack Tool Apk
  107. Nsa Hack Tools Download
  108. Pentest Tools Review
  109. Hacker Tools Free
  110. Pentest Tools Port Scanner
  111. Hack Tools
  112. Hacker Tools 2020
  113. Hack Tools For Ubuntu
  114. Hacking Tools Software
  115. Tools 4 Hack
  116. Best Hacking Tools 2019
  117. Usb Pentest Tools
  118. Hacking Tools Software
  119. Best Hacking Tools 2019
  120. Pentest Tools Find Subdomains
  121. Hack Apps
  122. Hacker Techniques Tools And Incident Handling
  123. Pentest Tools Kali Linux
  124. Android Hack Tools Github
  125. Hacker Tools Free
  126. Hacker Tools Mac
-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

2319 Interesting News

Lessons in capitalism from Whole Foods and Trader Joe's Australia joins the industrial arms race Patriotism is replacing purpose in Amer...