Arctic

Friday, January 26, 2024

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fix several security issues, one of them let crash TLSv1.2 based services remotelly from internet.


Regarding to the TLSv1.2 RFC,  this version of TLS provides a "signature_algorithms" extension for the client_hello. 

Data Structures
If a bad signature is sent after the renegotiation, the structure will be corrupted, becouse structure pointer:
s->c->shared_sigalgs will be NULL, and the number of algorithms:
s->c->shared_sigalgslen will not be zeroed.
Which will be interpreted as one algorithm to process, but the pointer points to 0x00 address. 


Then tls1_process_sigalgs() will try to process one signature algorithm (becouse of shared_sigalgslen=1) then sigptr will be pointer to c->shared_sigalgs (NULL) and then will try to derreference sigptr->rhash. 


This mean a Segmentation Fault in  tls1_process_sigalgs() function, and called by tls1_set_server_sigalgs() with is called from ssl3_client_hello() as the stack trace shows.




StackTrace

The following code, points sigptr to null and try to read sigptr->rsign, which is assembled as movzbl eax,  byte ptr [0x0+R12] note in register window that R12 is 0x00

Debugger in the crash point.


radare2 static decompiled


The patch fix the vulnerability zeroing the sigalgslen.
Get  David A. Ramos' proof of concept exploit here





More articles
  1. Blackhat Hacker Tools
  2. Hacking Tools 2020
  3. Pentest Tools Website
  4. Hacker Hardware Tools
  5. Hacking Tools For Windows Free Download
  6. Hackers Toolbox
  7. Hacker Tool Kit
  8. Hacking Tools For Mac
  9. Hacker Tools Software
  10. Hack Tools For Pc
  11. Pentest Tools Bluekeep
  12. Hacking Tools Software
  13. Hacks And Tools
  14. Hacking Tools Hardware
  15. What Are Hacking Tools
  16. Hacking Tools For Pc
  17. Pentest Box Tools Download
  18. Hacking Tools For Mac
  19. Pentest Tools For Windows
  20. Hacker Tools Mac
  21. Hacker Tools For Mac
  22. Hacking Tools Pc
  23. Hacker Tools For Windows
  24. Pentest Tools Nmap
  25. Pentest Tools List
  26. Hacker Tools For Mac
  27. Hacker Tools Github
  28. Hacker Security Tools
  29. Hacking Tools Hardware
  30. Hacking Tools Software
  31. Hacking Tools Windows
  32. Pentest Tools For Android
  33. Hack Tools Mac
  34. Hacker Tools For Windows
  35. Hacking Tools For Games
  36. Hacks And Tools
  37. Github Hacking Tools
  38. Pentest Tools Kali Linux
  39. Pentest Tools For Ubuntu
  40. Hack And Tools
  41. Best Hacking Tools 2020
  42. Hacking Tools Software
  43. Beginner Hacker Tools
  44. Hacking Tools Windows 10
  45. Nsa Hacker Tools
  46. Pentest Automation Tools
  47. Hacking Tools Online
  48. Black Hat Hacker Tools
  49. Hacking Tools Kit
  50. Hacking Tools 2020
  51. Hacking Tools 2019
  52. Hacking Tools For Mac
  53. Growth Hacker Tools
  54. Hacker Tools Apk Download
  55. Hacking Tools Github
  56. Hacking Tools For Windows Free Download
  57. Pentest Tools Bluekeep
  58. Hacker Search Tools
  59. Hacking Tools Download
  60. Black Hat Hacker Tools
  61. New Hacker Tools
  62. Pentest Box Tools Download
  63. Usb Pentest Tools
  64. Hacking Tools Download
  65. Pentest Tools Online
  66. Hacking Tools Download
  67. Hacking Tools 2019
  68. Hack Website Online Tool
  69. Hack Tools For Mac
  70. Hacking Tools 2020
  71. Tools 4 Hack
  72. Hacking Tools
  73. New Hacker Tools
  74. Pentest Tools Open Source
  75. Pentest Tools Android
  76. Hack Tools For Ubuntu
  77. Hacker Tools Linux
  78. Hacking Tools For Kali Linux
  79. Tools Used For Hacking
  80. Hack Tools For Windows
  81. Hack Tools For Pc
  82. Hacker Tools For Ios
  83. Pentest Tools Windows
  84. Pentest Tools Android
  85. Blackhat Hacker Tools
  86. Pentest Tools Android
  87. Hack Tools For Pc
  88. Tools For Hacker
  89. Hacker Hardware Tools
  90. Hacker Tools Windows
  91. Pentest Tools Tcp Port Scanner
  92. Hack Rom Tools
  93. Hackrf Tools
  94. Pentest Automation Tools
  95. Hack Tools
  96. How To Install Pentest Tools In Ubuntu
  97. Hacking Tools Kit
  98. Tools For Hacker
  99. Usb Pentest Tools
  100. Hacker Tools Hardware
  101. Hacker Hardware Tools
  102. What Is Hacking Tools
  103. Hacking Tools Pc
  104. Pentest Reporting Tools
  105. Physical Pentest Tools
  106. Pentest Automation Tools
  107. Easy Hack Tools
  108. Pentest Tools Tcp Port Scanner
  109. Github Hacking Tools
  110. Hacker Tools List
  111. Hacker Tools 2020
  112. Blackhat Hacker Tools
  113. Hacking Tools For Windows Free Download
  114. Nsa Hack Tools
  115. Tools For Hacker
  116. Pentest Tools Online
  117. Pentest Tools
  118. Tools For Hacker
  119. Pentest Tools Tcp Port Scanner
  120. Pentest Automation Tools
  121. Best Pentesting Tools 2018
  122. Hacking Tools Mac
  123. Pentest Tools Android

posted by fox at 11:24 AM

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]



<< Home