Search This Blog

Friday, January 26, 2024

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fix several security issues, one of them let crash TLSv1.2 based services remotelly from internet.


Regarding to the TLSv1.2 RFC,  this version of TLS provides a "signature_algorithms" extension for the client_hello. 

Data Structures
If a bad signature is sent after the renegotiation, the structure will be corrupted, becouse structure pointer:
s->c->shared_sigalgs will be NULL, and the number of algorithms:
s->c->shared_sigalgslen will not be zeroed.
Which will be interpreted as one algorithm to process, but the pointer points to 0x00 address. 


Then tls1_process_sigalgs() will try to process one signature algorithm (becouse of shared_sigalgslen=1) then sigptr will be pointer to c->shared_sigalgs (NULL) and then will try to derreference sigptr->rhash. 


This mean a Segmentation Fault in  tls1_process_sigalgs() function, and called by tls1_set_server_sigalgs() with is called from ssl3_client_hello() as the stack trace shows.




StackTrace

The following code, points sigptr to null and try to read sigptr->rsign, which is assembled as movzbl eax,  byte ptr [0x0+R12] note in register window that R12 is 0x00

Debugger in the crash point.


radare2 static decompiled


The patch fix the vulnerability zeroing the sigalgslen.
Get  David A. Ramos' proof of concept exploit here





More articles


  1. Hacking Tools For Games
  2. Computer Hacker
  3. Hacking Tools Github
  4. Pentest Tools Github
  5. Pentest Tools Website
  6. How To Hack
  7. Top Pentest Tools
  8. Pentest Tools Port Scanner
  9. Hacking Tools Pc
  10. Pentest Tools Linux
  11. Hacker Tool Kit
  12. Pentest Tools For Mac
  13. Hacking Tools Hardware
  14. Hack Tools
  15. Nsa Hack Tools
  16. Hacker Tools For Windows
  17. New Hack Tools
  18. Pentest Tools Url Fuzzer
  19. Hacking Tools Pc
  20. Hack Tools
  21. Computer Hacker
  22. Hacker Tools Free
  23. How To Install Pentest Tools In Ubuntu
  24. Hacker Tools Mac
  25. Pentest Tools Nmap
  26. Pentest Automation Tools
  27. Hack Tools
  28. Hack Tools For Pc
  29. Hacker Tools Mac
  30. Kik Hack Tools
  31. Hack Tools For Ubuntu
  32. Hacking Apps
  33. Hacker Tools Hardware
  34. Computer Hacker
  35. Tools Used For Hacking
  36. Hacker Security Tools
  37. What Are Hacking Tools
  38. Pentest Tools Review
  39. Hack Tools For Mac
  40. Tools 4 Hack
  41. Hacker Tools 2019
  42. Hacker
  43. Wifi Hacker Tools For Windows
  44. Install Pentest Tools Ubuntu
  45. Hacking Tools For Windows Free Download
  46. Pentest Tools Windows
  47. Tools 4 Hack
  48. Pentest Tools Windows
  49. Pentest Tools Free
  50. Hacker Tools 2020
  51. Hacker Tools
  52. Beginner Hacker Tools
  53. World No 1 Hacker Software
  54. New Hacker Tools
  55. Hack Tools Online
  56. Hacker Hardware Tools
  57. Hacking Tools Usb
  58. Pentest Tools Url Fuzzer
  59. Hacker Tools Linux
  60. How To Make Hacking Tools
  61. Best Pentesting Tools 2018
  62. Best Pentesting Tools 2018
  63. World No 1 Hacker Software
  64. Hacker Tools Mac
  65. Growth Hacker Tools
  66. Hack Tools Download
  67. New Hack Tools
  68. Hacking Tools For Pc
  69. Pentest Tools Linux
  70. Pentest Tools Find Subdomains
  71. Hacking Tools For Mac
  72. Hacker Tools Linux
  73. Hacker Search Tools
  74. Hacker Tools For Ios
  75. Hacking Tools Windows 10
  76. Kik Hack Tools
  77. Best Hacking Tools 2020
  78. Hacking Tools For Windows 7
  79. Hacker Security Tools
  80. Hacking Tools For Windows
  81. Bluetooth Hacking Tools Kali
  82. Hacking Tools Download
  83. Hacker Tools For Mac
  84. Hacking Tools For Kali Linux
  85. Hack Website Online Tool
  86. Hacking Tools Free Download
  87. Pentest Tools List
  88. Hacker Tools For Mac
  89. Hacking Tools For Windows
  90. Hacking Tools For Mac
  91. How To Make Hacking Tools
  92. Hacker Techniques Tools And Incident Handling
  93. How To Make Hacking Tools
  94. Pentest Automation Tools
  95. Hak5 Tools
  96. Hacker Tools Mac
  97. Hacking Tools
  98. Hack Tools For Windows
  99. Hacker Tools Windows
  100. World No 1 Hacker Software
  101. Hacking Tools Mac
  102. Hacking Tools Github
  103. Hack Rom Tools
  104. Install Pentest Tools Ubuntu
  105. How To Make Hacking Tools
  106. Hack Tools 2019
  107. Hacker Tools Online
  108. Pentest Tools Download
  109. Hack Tools For Ubuntu
  110. Pentest Tools Find Subdomains
  111. Pentest Tools Tcp Port Scanner
  112. Hacker Tools Online
  113. Pentest Tools Alternative
  114. Pentest Tools Website Vulnerability
  115. Hack App
  116. Hacking Tools Free Download
  117. Hacker Tools For Mac
  118. Hacking Tools Name
  119. Pentest Reporting Tools
  120. Hacking Tools 2019
  121. Free Pentest Tools For Windows
  122. Pentest Tools For Ubuntu
  123. Hacking Tools Online
  124. Hack Tools Download
  125. Hacker Tools Github
  126. Hacker Tools Free
  127. Hacking Tools Hardware
  128. Hacker Search Tools
  129. Pentest Tools Download
  130. Hacking App
  131. Hackrf Tools
  132. Hack App
  133. Hack Tools For Ubuntu
  134. Hacking Tools 2020
  135. Game Hacking
  136. Tools For Hacker
  137. Hacker Tools Github
  138. Pentest Tools For Windows
  139. Hacking Tools For Windows Free Download
  140. Pentest Tools For Windows
  141. Pentest Tools
  142. Pentest Tools For Ubuntu
  143. Computer Hacker
  144. Pentest Box Tools Download
  145. Pentest Tools Tcp Port Scanner
  146. Hacker Tools Free Download
  147. Hacking Tools And Software
  148. Hacker Tools
  149. Hacking Tools For Windows
  150. Hack Tools 2019
  151. Install Pentest Tools Ubuntu
  152. Hacker Tools List
  153. Pentest Tools For Android
  154. Hacker Tool Kit
  155. Hacker Tools For Ios
  156. Hack Apps
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)