Friday, 26 May 2023

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fix several security issues, one of them let crash TLSv1.2 based services remotelly from internet.


Regarding to the TLSv1.2 RFC,  this version of TLS provides a "signature_algorithms" extension for the client_hello. 

Data Structures
If a bad signature is sent after the renegotiation, the structure will be corrupted, becouse structure pointer:
s->c->shared_sigalgs will be NULL, and the number of algorithms:
s->c->shared_sigalgslen will not be zeroed.
Which will be interpreted as one algorithm to process, but the pointer points to 0x00 address. 


Then tls1_process_sigalgs() will try to process one signature algorithm (becouse of shared_sigalgslen=1) then sigptr will be pointer to c->shared_sigalgs (NULL) and then will try to derreference sigptr->rhash. 


This mean a Segmentation Fault in  tls1_process_sigalgs() function, and called by tls1_set_server_sigalgs() with is called from ssl3_client_hello() as the stack trace shows.




StackTrace

The following code, points sigptr to null and try to read sigptr->rsign, which is assembled as movzbl eax,  byte ptr [0x0+R12] note in register window that R12 is 0x00

Debugger in the crash point.


radare2 static decompiled


The patch fix the vulnerability zeroing the sigalgslen.
Get  David A. Ramos' proof of concept exploit here





More information


  1. Pentest Tools For Ubuntu
  2. Hacking Tools For Kali Linux
  3. Pentest Tools Linux
  4. Easy Hack Tools
  5. Hack Tools For Mac
  6. Hacking Tools Usb
  7. Android Hack Tools Github
  8. Hack Tools For Ubuntu
  9. Hacker Tools Github
  10. Hack Tool Apk
  11. Hacker Hardware Tools
  12. Hacker Tools Hardware
  13. Hacking Apps
  14. Hacking Tools Hardware
  15. Hack Tools
  16. Hack Tools Online
  17. Hacks And Tools
  18. Hacking Tools Usb
  19. Hack Tools 2019
  20. Hack Tools Github
  21. Hackers Toolbox
  22. Game Hacking
  23. Pentest Tools
  24. Hack Apps
  25. Hack Tools Pc
  26. Hacker Security Tools
  27. Hack Rom Tools
  28. Pentest Reporting Tools
  29. Hacking Tools Windows 10
  30. Github Hacking Tools
  31. Black Hat Hacker Tools
  32. Hacking Tools For Pc
  33. Hack And Tools
  34. Black Hat Hacker Tools
  35. Pentest Tools Kali Linux
  36. Nsa Hack Tools
  37. Pentest Tools Windows
  38. Pentest Tools Alternative
  39. Hacking Tools Online
  40. Hacker Tools Mac
  41. Termux Hacking Tools 2019
  42. Ethical Hacker Tools
  43. Hacker Tools For Mac
  44. Hacker Tools 2019
  45. Pentest Tools Windows
  46. Termux Hacking Tools 2019
  47. Hack Tool Apk No Root
  48. Hack Tools Download
  49. Hacker Tools
  50. Hacking Tools Name
  51. Hack Tools For Windows
  52. Hacking Tools Download
  53. Hack Tool Apk No Root
  54. Hack App
  55. Underground Hacker Sites
  56. Blackhat Hacker Tools
  57. Pentest Tools Download
  58. Hacking Tools Hardware
  59. Hacker Tools Hardware
  60. Hacker
  61. Android Hack Tools Github
  62. Termux Hacking Tools 2019
  63. What Is Hacking Tools
  64. Pentest Tools Url Fuzzer
  65. What Are Hacking Tools
  66. Hacker Tools List
  67. Hacker Tool Kit
  68. Hacker Tools 2020
  69. Hack Tools
  70. Hacker Tools Github
  71. Computer Hacker
  72. Hacker Security Tools
  73. Hack Tools
  74. Hacker Tools For Pc
  75. Hacking Tools For Windows 7
  76. Best Hacking Tools 2020
  77. Hack Tool Apk No Root
  78. Hacker Tools Free
  79. Hacking Tools For Games
  80. Hacking Tools Mac
  81. Hack Tools Online
  82. Pentest Recon Tools
  83. Tools 4 Hack
  84. Pentest Tools Website
  85. Hacking Tools Usb
  86. Pentest Tools Windows
  87. Hacker Tools Mac
  88. Hacking Tools Online
  89. Tools 4 Hack
  90. Hacking Tools Usb
  91. How To Install Pentest Tools In Ubuntu
  92. New Hack Tools
  93. Hack Tools For Mac
  94. Hacking Tools For Pc
  95. Hacker Tool Kit
  96. Nsa Hack Tools Download
  97. Hacker Tools Free
  98. Hack Website Online Tool
  99. Pentest Tools Website Vulnerability
  100. Hacks And Tools
  101. Hack Tools Github
  102. Pentest Tools Online
  103. Tools Used For Hacking
  104. Pentest Tools Alternative
  105. Pentest Tools Nmap
  106. Hack Tools 2019
  107. Bluetooth Hacking Tools Kali
  108. Hacking Tools For Beginners
  109. Hacking Tools Download
  110. Pentest Tools Nmap
  111. Best Hacking Tools 2019
  112. Hacking Apps
  113. Pentest Tools Website Vulnerability
  114. What Are Hacking Tools
  115. Hacking Tools Github
  116. Hacker Tools Apk
  117. Hacking Tools Hardware
  118. Hacking Tools For Pc
  119. New Hack Tools
Posted by at

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)