Wednesday, May 31, 2023

 

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fixes several security issues; one of them lets an attacker remotely crash TLSv1.2-based services over the internet.


According to the TLSv1.2 RFC, this version of TLS provides a "signature_algorithms" extension for the client_hello.

Data Structures


If a bad signature is sent after the renegotiation, the structure is left corrupted, because the structure pointer
s->c->shared_sigalgs will be NULL, while the number of algorithms,
s->c->shared_sigalgslen, will not be zeroed.
The stale length is interpreted as one algorithm to process, but the pointer points to address 0x00.


tls1_process_sigalgs() then tries to process one signature algorithm (because shared_sigalgslen=1): sigptr is set to c->shared_sigalgs (NULL), and the function tries to dereference sigptr->rhash.


This means a segmentation fault in the tls1_process_sigalgs() function, which is called by tls1_set_server_sigalgs(), which in turn is called from ssl3_client_hello(), as the stack trace shows.




StackTrace

The following code points sigptr to NULL and tries to read sigptr->rsign, which is assembled as movzbl eax, byte ptr [0x0+R12]. Note in the register window that R12 is 0x00.

Debugger in the crash point.


radare2 static decompiled


The patch fixes the vulnerability by zeroing the sigalgslen.
Get  David A. Ramos' proof of concept exploit here
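The stale-length state described above and the effect of the patch, as an added example that is a simplified model and not OpenSSL's own code. The struct layout, the function names other than the field names taken from the post, and the sample values are assumptions; the model reports the inconsistent state with -1 at the point where the unpatched code would read through NULL.

```c
#include <stddef.h>
#include <stdlib.h>

/* Simplified model of the state the post describes; layout is assumed. */
typedef struct { unsigned char rsign, rhash; } sigalg_t;
typedef struct {
    sigalg_t *shared_sigalgs;     /* list of shared algorithms */
    size_t    shared_sigalgslen;  /* number of entries in the list */
} cert_state_t;

/* First handshake: one shared algorithm is negotiated (constructed values). */
static int negotiate_one(cert_state_t *c) {
    c->shared_sigalgs = calloc(1, sizeof(sigalg_t));
    if (c->shared_sigalgs == NULL) return -1;
    c->shared_sigalgs[0].rsign = 1;
    c->shared_sigalgs[0].rhash = 2;
    c->shared_sigalgslen = 1;
    return 0;
}

/* Renegotiation clears the list. Unpatched: the length stays stale. */
static void reset_sigalgs(cert_state_t *c, int patched) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
    if (patched) c->shared_sigalgslen = 0;  /* the fix: zero the length too */
}

/* Walks the list as described in the post. Returns the number of entries
 * processed, or -1 where the pointer/length pair is inconsistent. */
static int process_sigalgs(const cert_state_t *c) {
    int n = 0;
    if (c->shared_sigalgslen > 0 && c->shared_sigalgs == NULL)
        return -1;  /* the vulnerable code had no guard and faulted here */
    for (size_t i = 0; i < c->shared_sigalgslen; i++) {
        const sigalg_t *sigptr = &c->shared_sigalgs[i];
        if (sigptr->rhash != 0) n++;
    }
    return n;
}

/* Drives negotiate -> reset -> process and returns the processing result. */
int renegotiate_result(int patched) {
    cert_state_t c = {0};
    if (negotiate_one(&c) != 0) return -2;
    reset_sigalgs(&c, patched);
    return process_sigalgs(&c);
}
```

With `patched` set to 0 the pointer is NULL while the length is still 1, which is the crash condition; with 1 the loop runs zero times.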




