Wednesday, January 24, 2024

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fixes several security issues; one of them allows TLSv1.2-based services to be crashed remotely from the internet.


According to the TLSv1.2 RFC, this version of TLS provides a "signature_algorithms" extension for the client_hello.

Data Structures


If a bad signature is sent after the renegotiation, the structure will be corrupted, because the structure pointer
s->c->shared_sigalgs will be NULL, and the number of algorithms,
s->c->shared_sigalgslen, will not be zeroed.
This will be interpreted as one algorithm to process, but the pointer points to address 0x00.


Then tls1_process_sigalgs() will try to process one signature algorithm (because shared_sigalgslen=1): sigptr will point to c->shared_sigalgs (NULL), and the code will then try to dereference sigptr->rhash.


This means a segmentation fault in the tls1_process_sigalgs() function, which is called by tls1_set_server_sigalgs(), which in turn is called from ssl3_client_hello(), as the stack trace shows.




StackTrace

The following code points sigptr to NULL and tries to read sigptr->rsign, which is assembled as movzbl eax, byte ptr [0x0+R12]. Note in the register window that R12 is 0x00.

Debugger in the crash point.


radare2 static decompiled


The patch fixes the vulnerability by zeroing the sigalgslen.
Get David A. Ramos' proof of concept exploit here
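The stale-length state and the effect of zeroing the length can be reproduced in a small model. This is an added example, not OpenSSL source and not code from the original post: cert_model_t, sigalg_t and every function name are hypothetical stand-ins, and only the shared_sigalgs, shared_sigalgslen, rsign and rhash field names come from the text above. The processing loop is guarded so that the inconsistent state is reported instead of dereferenced.

```c
/* Simplified model, NOT OpenSSL source; all type and function names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>

typedef struct { unsigned char rsign, rhash; } sigalg_t;
typedef struct {
    sigalg_t *shared_sigalgs;    /* array of shared algorithms */
    size_t    shared_sigalgslen; /* number of entries in it    */
} cert_model_t;

/* Reset before a new ClientHello is parsed. patched == 0 models the
 * pre-fix behaviour: pointer cleared, length left stale. */
static void reset_shared(cert_model_t *c, int patched) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
    if (patched)
        c->shared_sigalgslen = 0;
}

/* Build the shared list; nothing is stored when the client data is bad. */
static void set_shared(cert_model_t *c, int client_data_ok) {
    if (client_data_ok && (c->shared_sigalgs = calloc(1, sizeof(sigalg_t))))
        c->shared_sigalgslen = 1;
}

/* Guarded processing loop: returns entries read, or -1 when the length
 * claims entries that the NULL pointer cannot back (the crash condition). */
static int process_shared(const cert_model_t *c) {
    if (c->shared_sigalgslen != 0 && c->shared_sigalgs == NULL)
        return -1;
    int n = 0;
    for (size_t i = 0; i < c->shared_sigalgslen; i++)
        n += (c->shared_sigalgs[i].rhash == 0); /* calloc'd entry reads as 0 */
    return n;
}

/* Initial handshake with good data, then a renegotiation with bad data. */
static int simulate(int patched) {
    cert_model_t c = { NULL, 0 };
    reset_shared(&c, patched); set_shared(&c, 1);
    reset_shared(&c, patched); set_shared(&c, 0);
    int r = process_shared(&c);
    free(c.shared_sigalgs);
    return r;
}

int main(void) {
    printf("unpatched=%d patched=%d\n", simulate(0), simulate(1));
}
```

A return of -1 marks the state in which an unguarded loop would read through the NULL pointer; with the length zeroed on reset, the loop has nothing to process.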




