Tuesday, August 25, 2020

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fix several security issues, one of them let crash TLSv1.2 based services remotelly from internet.


Regarding to the TLSv1.2 RFC,  this version of TLS provides a "signature_algorithms" extension for the client_hello. 

Data Structures


If a bad signature is sent after the renegotiation, the structure will be corrupted, becouse structure pointer:
s->c->shared_sigalgs will be NULL, and the number of algorithms:
s->c->shared_sigalgslen will not be zeroed.
Which will be interpreted as one algorithm to process, but the pointer points to 0x00 address. 


Then tls1_process_sigalgs() will try to process one signature algorithm (becouse of shared_sigalgslen=1) then sigptr will be pointer to c->shared_sigalgs (NULL) and then will try to derreference sigptr->rhash. 


This mean a Segmentation Fault in  tls1_process_sigalgs() function, and called by tls1_set_server_sigalgs() with is called from ssl3_client_hello() as the stack trace shows.




StackTrace

The following code, points sigptr to null and try to read sigptr->rsign, which is assembled as movzbl eax,  byte ptr [0x0+R12] note in register window that R12 is 0x00

Debugger in the crash point.


radare2 static decompiled


The patch fix the vulnerability zeroing the sigalgslen.
Get  David A. Ramos' proof of concept exploit here





Related news
  1. Tools Used For Hacking
  2. Hacker Tools Apk Download
  3. Hacker Tools Online
  4. Hack Tools Github
  5. Nsa Hacker Tools
  6. Hacking Tools Windows 10
  7. Android Hack Tools Github
  8. Ethical Hacker Tools
  9. Kik Hack Tools
  10. Hacking Tools Name
  11. Pentest Tools Website Vulnerability
  12. Hacking Tools Online
  13. Nsa Hack Tools Download
  14. Underground Hacker Sites
  15. Hacker Tools For Ios
  16. Pentest Tools Website
  17. Hacking Tools Free Download
  18. Hacking Tools Download
  19. Hacking Tools And Software
  20. Hack Tool Apk
  21. Github Hacking Tools
  22. Wifi Hacker Tools For Windows
  23. Hacking Tools For Beginners
  24. Pentest Tools Nmap
  25. Hack Tools For Windows
  26. Hacking Tools Usb
  27. Hack Tools Online
  28. Pentest Tools Download
  29. Hacker Tools Free Download
  30. Pentest Tools Subdomain
  31. Hacker Tools List
  32. Hacking Tools For Windows
  33. Hack And Tools
  34. Pentest Tools Url Fuzzer
  35. Pentest Tools Download
  36. Pentest Tools Website Vulnerability
  37. Beginner Hacker Tools
  38. Pentest Tools Find Subdomains
  39. Hacking Tools 2020
  40. Hack Tools Pc
  41. Hacking Tools 2019
  42. New Hacker Tools
  43. Usb Pentest Tools
  44. Hacking Tools Name
  45. Growth Hacker Tools
  46. Hacker Tools Online
  47. Github Hacking Tools
  48. Hacker Tools For Mac
  49. Pentest Tools Find Subdomains
  50. Hackers Toolbox
  51. Best Hacking Tools 2020
  52. Blackhat Hacker Tools
  53. Pentest Tools List
  54. Hack Tool Apk No Root
  55. Hack Tools Mac
  56. Hak5 Tools
  57. Game Hacking
  58. Hacker Tools Apk Download
  59. Hacking Tools Software
  60. Hacking Tools For Games
  61. Termux Hacking Tools 2019
  62. Pentest Tools Bluekeep
  63. Tools 4 Hack
  64. Hacker Security Tools
  65. Black Hat Hacker Tools
  66. Pentest Tools Framework
  67. Best Hacking Tools 2020
  68. Pentest Tools Url Fuzzer
  69. Hack Tool Apk
  70. Pentest Recon Tools
  71. Hacking Tools And Software
  72. Pentest Tools List
  73. Hacking Tools For Windows 7
  74. Hack Tools
  75. Hacker Tools Software
  76. Hacking Tools Windows 10
  77. Hacking Apps
  78. What Is Hacking Tools
  79. Hacker Tools For Mac
  80. Hacker Tools
  81. Best Hacking Tools 2019
  82. Bluetooth Hacking Tools Kali
  83. Hacking Tools 2020
  84. Blackhat Hacker Tools
  85. Hack Tools Download
  86. Hacking Tools Windows
  87. Hacker Tools Free
  88. Hak5 Tools
  89. Hacking Tools Usb
  90. Hack Tools For Mac
  91. Hacker Tools For Pc
  92. Hacking Tools Free Download
  93. Hacker Search Tools
  94. Pentest Reporting Tools
  95. Hacker Tools For Mac
  96. Blackhat Hacker Tools
  97. Hack Rom Tools
  98. Pentest Tools Apk
  99. Hacking Apps
  100. Ethical Hacker Tools
  101. Pentest Tools For Mac
  102. Termux Hacking Tools 2019
  103. New Hacker Tools
  104. Hack Tools Online
  105. Hacking Tools Download
  106. Hacker Techniques Tools And Incident Handling
  107. Hacker Tools For Ios
  108. Hacking Apps
  109. Hacking Tools For Mac
  110. Hack Tools Online
  111. Hacking Tools Windows
  112. Hacker Tools 2020
  113. Pentest Tools For Windows
  114. Game Hacking
  115. Pentest Tools Download
  116. Hacker Tools Software
  117. Hacker Tools Apk Download
  118. Wifi Hacker Tools For Windows
  119. Hacking Tools Online
  120. Pentest Tools For Ubuntu
  121. Hacker Tools For Windows
  122. How To Hack
  123. Hack Website Online Tool
  124. Hacking Tools Windows 10
  125. Hackers Toolbox
  126. Pentest Tools Website
  127. Hack Tools Download
  128. Github Hacking Tools
  129. Hacker Tools Github
  130. Pentest Box Tools Download
  131. Tools For Hacker
  132. How To Hack
  133. Hacking Tools 2020
  134. Hacking Tools For Windows 7
  135. Pentest Tools Bluekeep
  136. Hacking App
  137. Pentest Tools Windows
  138. How To Install Pentest Tools In Ubuntu
  139. Hack Tools For Mac
  140. Hacker Tools Hardware
  141. Hacking Tools Online
  142. Hacker Tools For Mac
  143. Hacker Tools Mac
  144. Wifi Hacker Tools For Windows
  145. Usb Pentest Tools
  146. Tools 4 Hack
  147. Hack Tool Apk
  148. Pentest Tools Download
  149. Pentest Tools Port Scanner
  150. Pentest Tools Kali Linux
  151. Underground Hacker Sites
  152. Pentest Tools Bluekeep
  153. Hacking Tools Software
  154. Hackrf Tools
  155. Hacker Tools For Pc
  156. Pentest Tools Online
  157. Hacker Tools 2019
  158. Hacker Tools For Mac
  159. Hak5 Tools
  160. Pentest Box Tools Download
  161. Hacker Tools Free Download
  162. Hacker Tools Apk
  163. Hack Rom Tools
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)