Thursday, May 25, 2023

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fix several security issues, one of them let crash TLSv1.2 based services remotelly from internet.


Regarding to the TLSv1.2 RFC,  this version of TLS provides a "signature_algorithms" extension for the client_hello. 

Data Structures
If a bad signature is sent after the renegotiation, the structure will be corrupted, becouse structure pointer:
s->c->shared_sigalgs will be NULL, and the number of algorithms:
s->c->shared_sigalgslen will not be zeroed.
Which will be interpreted as one algorithm to process, but the pointer points to 0x00 address. 


Then tls1_process_sigalgs() will try to process one signature algorithm (becouse of shared_sigalgslen=1) then sigptr will be pointer to c->shared_sigalgs (NULL) and then will try to derreference sigptr->rhash. 


This mean a Segmentation Fault in  tls1_process_sigalgs() function, and called by tls1_set_server_sigalgs() with is called from ssl3_client_hello() as the stack trace shows.




StackTrace

The following code, points sigptr to null and try to read sigptr->rsign, which is assembled as movzbl eax,  byte ptr [0x0+R12] note in register window that R12 is 0x00

Debugger in the crash point.


radare2 static decompiled


The patch fix the vulnerability zeroing the sigalgslen.
Get  David A. Ramos' proof of concept exploit here





Related links
  1. Hacker Tools Apk Download
  2. Pentest Tools Download
  3. Pentest Automation Tools
  4. Black Hat Hacker Tools
  5. Game Hacking
  6. Pentest Tools Github
  7. Hacker Tools Apk Download
  8. Pentest Tools Review
  9. Game Hacking
  10. Pentest Tools Framework
  11. Tools Used For Hacking
  12. New Hacker Tools
  13. Hack Tools 2019
  14. Hacking Tools Windows 10
  15. Tools 4 Hack
  16. Tools For Hacker
  17. Best Hacking Tools 2020
  18. Pentest Tools Nmap
  19. What Is Hacking Tools
  20. Pentest Tools Subdomain
  21. Hacking Tools Windows
  22. Nsa Hacker Tools
  23. Hacking Tools 2020
  24. Hacker Tools For Windows
  25. How To Make Hacking Tools
  26. Pentest Tools Url Fuzzer
  27. Hacking Tools Kit
  28. Hacker Tool Kit
  29. Best Hacking Tools 2019
  30. Hacker Tools Apk
  31. Pentest Tools Framework
  32. How To Make Hacking Tools
  33. Hacker Tools Free Download
  34. Hacking Tools 2019
  35. Pentest Tools Open Source
  36. Termux Hacking Tools 2019
  37. How To Hack
  38. Hacking Tools Kit
  39. Android Hack Tools Github
  40. Hacker Tools Hardware
  41. Tools Used For Hacking
  42. Pentest Tools Website Vulnerability
  43. Hacker Tools Free
  44. Pentest Tools For Android
  45. Hacking Tools Online
  46. Hack Tool Apk No Root
  47. Hacking Tools 2020
  48. Hacking Tools Online
  49. Hacking Tools Software
  50. Pentest Reporting Tools
  51. Hack Tools Online
  52. Hacker Security Tools
  53. Termux Hacking Tools 2019
  54. Ethical Hacker Tools
  55. Hacking Tools Github
at

No comments:

Post a Comment

All comments are welcome, but if you choose to comment using the "anonymous" button, please be sure to include your name at the end. All TRULY anonymous comments will be deleted. Thanks for your understanding...Blaine (aka 5KidMom)