Saturday, June 3, 2023

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fix several security issues, one of them let crash TLSv1.2 based services remotelly from internet.


Regarding to the TLSv1.2 RFC,  this version of TLS provides a "signature_algorithms" extension for the client_hello. 

Data Structures
If a bad signature is sent after the renegotiation, the structure will be corrupted, becouse structure pointer:
s->c->shared_sigalgs will be NULL, and the number of algorithms:
s->c->shared_sigalgslen will not be zeroed.
Which will be interpreted as one algorithm to process, but the pointer points to 0x00 address. 


Then tls1_process_sigalgs() will try to process one signature algorithm (becouse of shared_sigalgslen=1) then sigptr will be pointer to c->shared_sigalgs (NULL) and then will try to derreference sigptr->rhash. 


This mean a Segmentation Fault in  tls1_process_sigalgs() function, and called by tls1_set_server_sigalgs() with is called from ssl3_client_hello() as the stack trace shows.




StackTrace

The following code, points sigptr to null and try to read sigptr->rsign, which is assembled as movzbl eax,  byte ptr [0x0+R12] note in register window that R12 is 0x00

Debugger in the crash point.


radare2 static decompiled


The patch fix the vulnerability zeroing the sigalgslen.
Get  David A. Ramos' proof of concept exploit here





Related word

  1. Hack Tools Online
  2. Hacker
  3. Easy Hack Tools
  4. Hack App
  5. Hacker Security Tools
  6. Pentest Tools
  7. Hacker Tools Mac
  8. Hacking Tools Free Download
  9. Pentest Tools For Android
  10. Nsa Hacker Tools
  11. Growth Hacker Tools
  12. Hacking Tools Mac
  13. Hack Tools For Games
  14. Hacker Tools For Windows
  15. Pentest Tools Port Scanner
  16. Hacking Apps
  17. Pentest Tools Github
  18. How To Hack
  19. Hacking Tools Online
  20. Hacker Tools Free
  21. Github Hacking Tools
  22. Hacking Tools For Windows 7
  23. Best Hacking Tools 2019
  24. Hack App
  25. New Hack Tools
  26. Underground Hacker Sites
  27. Hack Tools Pc
  28. Hack Apps
  29. Physical Pentest Tools
  30. Pentest Tools Website Vulnerability
  31. Hacker Tools 2020
  32. Tools Used For Hacking
  33. Pentest Tools Apk
  34. Hacking Tools For Beginners
  35. Hacking Tools For Windows 7
  36. Hacker Tools Software
  37. Nsa Hack Tools Download
  38. Pentest Tools Android
  39. Nsa Hack Tools
  40. Pentest Tools For Windows
  41. Hacker Tools 2019
  42. Ethical Hacker Tools
  43. Pentest Tools Bluekeep
  44. Pentest Tools Alternative
  45. Computer Hacker
  46. Kik Hack Tools
  47. Hacking Tools For Kali Linux
  48. Hacker Hardware Tools
  49. How To Make Hacking Tools
  50. Pentest Tools Alternative
  51. Pentest Tools For Android
  52. Pentest Automation Tools
  53. Pentest Tools Linux
  54. Hacking Tools Windows 10
  55. Pentest Recon Tools
  56. Hacking Tools
  57. Hack Tools For Games
  58. Hacker Hardware Tools
  59. Hacker Tools Apk
  60. Growth Hacker Tools
  61. Hacking Tools Online
  62. Usb Pentest Tools
  63. Hack Tools Pc
  64. Pentest Tools Windows
  65. Pentest Tools Github
  66. Blackhat Hacker Tools
  67. How To Install Pentest Tools In Ubuntu
  68. Hacking Tools Mac
  69. Hack Tools For Mac
  70. Pentest Tools Windows
  71. New Hacker Tools
  72. Hacker Tools Mac
  73. Nsa Hack Tools Download
  74. Hacking Tools
  75. Hack Tools Online
  76. Hacker Tools Software
  77. Hacker Tools Github
  78. Hacking Tools For Windows Free Download
  79. Pentest Tools Kali Linux
  80. Hacking Tools
  81. Pentest Automation Tools
  82. Nsa Hack Tools Download
  83. How To Make Hacking Tools
  84. Pentest Tools Website
  85. Easy Hack Tools
  86. Growth Hacker Tools
  87. Hackrf Tools
  88. Hack And Tools
  89. Pentest Tools Website Vulnerability
  90. Pentest Automation Tools
  91. Pentest Tools Linux
  92. Underground Hacker Sites
  93. New Hacker Tools
  94. New Hack Tools
  95. Pentest Tools Port Scanner
  96. Hacker Tools Github
  97. Hacker Tools 2020
  98. How To Hack
  99. Ethical Hacker Tools
  100. Hak5 Tools
  101. Hacking Tools For Windows Free Download
  102. Blackhat Hacker Tools
  103. New Hack Tools
  104. Hacking Tools For Beginners
  105. Wifi Hacker Tools For Windows
  106. Hack Tools Github
  107. Hacking Tools For Windows
  108. Hacking Tools For Pc
  109. Physical Pentest Tools
  110. Hacking Tools Kit
  111. Best Pentesting Tools 2018
  112. Hack Tools Pc
  113. Hak5 Tools
  114. Hacking Tools Windows
  115. Nsa Hack Tools Download
  116. Hacking Tools Software
  117. Hacking Tools Github
  118. Hack Tools For Windows
  119. Ethical Hacker Tools
  120. Hacking Tools Hardware
  121. Hacker Tools 2019
  122. Hacker Tools For Mac
  123. Hacking Tools For Windows Free Download
  124. New Hacker Tools
  125. Hacker Hardware Tools
  126. Pentest Tools Tcp Port Scanner
  127. Termux Hacking Tools 2019
  128. Hacking Tools For Beginners
  129. Kik Hack Tools
  130. Hacking Tools Download
  131. Ethical Hacker Tools
  132. Pentest Tools For Android
  133. Hacking Tools For Mac
  134. Hacker Tools Online
  135. Hacker Tools 2019
  136. Hacking Tools Mac
  137. Pentest Tools For Windows
  138. Pentest Tools Website Vulnerability
  139. Termux Hacking Tools 2019
  140. Hacker Tool Kit
  141. Pentest Tools Open Source
  142. Hacking Tools For Windows 7
Posted by at

No comments:

Post a Comment

Have something to say about one of the videos or blogs, well here is a chance to do that now!!! Yes, you can do it, you know you can!!!!!

Subscribe to: Post Comments (Atom)