Friday, January 19, 2024

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fix several security issues, one of them let crash TLSv1.2 based services remotelly from internet.


Regarding to the TLSv1.2 RFC,  this version of TLS provides a "signature_algorithms" extension for the client_hello. 

Data Structures
If a bad signature is sent after the renegotiation, the structure will be corrupted, becouse structure pointer:
s->c->shared_sigalgs will be NULL, and the number of algorithms:
s->c->shared_sigalgslen will not be zeroed.
Which will be interpreted as one algorithm to process, but the pointer points to 0x00 address. 


Then tls1_process_sigalgs() will try to process one signature algorithm (becouse of shared_sigalgslen=1) then sigptr will be pointer to c->shared_sigalgs (NULL) and then will try to derreference sigptr->rhash. 


This mean a Segmentation Fault in  tls1_process_sigalgs() function, and called by tls1_set_server_sigalgs() with is called from ssl3_client_hello() as the stack trace shows.




StackTrace

The following code, points sigptr to null and try to read sigptr->rsign, which is assembled as movzbl eax,  byte ptr [0x0+R12] note in register window that R12 is 0x00

Debugger in the crash point.


radare2 static decompiled


The patch fix the vulnerability zeroing the sigalgslen.
Get  David A. Ramos' proof of concept exploit here





Continue reading


  1. Tools 4 Hack
  2. Hacking Tools 2020
  3. Pentest Recon Tools
  4. Hack Tools For Windows
  5. Hacking Tools Online
  6. Hacker Tools For Mac
  7. Hack Tools Mac
  8. Hacking Tools For Windows 7
  9. Hacker Tools Online
  10. Pentest Tools Online
  11. Black Hat Hacker Tools
  12. Hack Tools For Ubuntu
  13. Nsa Hack Tools
  14. Hacking Tools Software
  15. Hacking Tools 2020
  16. Pentest Tools For Android
  17. Pentest Tools Find Subdomains
  18. Hacker Search Tools
  19. Hack Tools
  20. Hacker Tools Linux
  21. Best Pentesting Tools 2018
  22. What Is Hacking Tools
  23. Hack Tools For Ubuntu
  24. Best Hacking Tools 2020
  25. Pentest Tools Nmap
  26. Pentest Tools Find Subdomains
  27. Github Hacking Tools
  28. Hacking Tools Windows
  29. Hacker Tools Apk Download
  30. Pentest Box Tools Download
  31. Hacker Tools Free Download
  32. Nsa Hack Tools
  33. Hacking Tools Mac
  34. Hacking Tools For Beginners
  35. Hackers Toolbox
  36. Hack Rom Tools
  37. Pentest Tools For Android
  38. Hacker Tools Free
  39. Hack Tools Pc
  40. Pentest Tools Port Scanner
  41. Pentest Tools Online
  42. Hacker Tools Online
  43. New Hack Tools
  44. What Are Hacking Tools
  45. Hacker Tool Kit
  46. What Are Hacking Tools
  47. Hack Rom Tools
  48. Pentest Box Tools Download
  49. Pentest Tools Free
  50. Pentest Automation Tools
  51. Hacker Tools For Ios
  52. Wifi Hacker Tools For Windows
  53. Hacking Tools 2019
  54. Hacking Tools Software
  55. Hacker Tools Online
  56. Hacking Tools Github
  57. Hacking Tools Pc
  58. Hack Tools For Windows
  59. Tools For Hacker
  60. Hacker Tools Free Download
  61. Hacker Tools 2020
  62. Pentest Tools Website Vulnerability
  63. Pentest Tools Linux
  64. Hacking Tools For Windows
  65. Hacking Tools For Windows
  66. New Hack Tools
  67. Pentest Tools Free
  68. Hackers Toolbox
  69. Pentest Tools For Mac
  70. Hacking Tools Hardware
  71. Hacker Hardware Tools
  72. Android Hack Tools Github
  73. Hack Tools Github
  74. Hack Website Online Tool
  75. Computer Hacker
  76. Pentest Tools Free
  77. Hacker Tools Windows
  78. Hak5 Tools
  79. Tools Used For Hacking
  80. Hacker Security Tools
  81. Hack Tools Online
  82. Hacker Security Tools
  83. Hack Tools Pc
  84. Nsa Hacker Tools
  85. Top Pentest Tools
  86. Hacker Hardware Tools
  87. Pentest Tools For Mac
  88. Hacking Tools Windows 10
  89. Pentest Tools List
  90. Hacker Tools Linux
  91. Tools For Hacker
  92. Hacking Tools Windows
  93. Hacking Tools Mac
  94. Pentest Tools Open Source
  95. Hack Tools For Windows
  96. Pentest Tools
  97. Hacker Search Tools
  98. Pentest Tools For Android
  99. Black Hat Hacker Tools
  100. Pentest Tools
  101. Pentest Tools For Windows
  102. Hack Tools For Mac
  103. Best Hacking Tools 2019
  104. Hacker Hardware Tools
  105. Pentest Tools Url Fuzzer
  106. Hacking App
  107. Blackhat Hacker Tools
  108. New Hack Tools
  109. Hacker Tools For Windows
  110. Hacking Tools Hardware
  111. Hacking Tools For Beginners
  112. Pentest Tools Linux
  113. Hacker Tools For Windows
  114. Hackers Toolbox
  115. Hak5 Tools
  116. Pentest Tools For Android
  117. Hacker Tools List
  118. Hacker Tools 2020
  119. Hacker Tools For Ios
  120. Pentest Tools Linux
  121. Hack Tools For Windows
  122. Hack Tools Online
  123. Hack Tools
  124. How To Make Hacking Tools
  125. Growth Hacker Tools
  126. Top Pentest Tools
  127. Kik Hack Tools
  128. Pentest Tools Online
  129. Pentest Tools Windows
  130. New Hack Tools
  131. Hacker Tools Windows
  132. Hacking Tools Software
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)