Monday, January 22, 2024

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fixes several security issues; one of them lets an attacker crash TLSv1.2-based services remotely from the Internet.


According to the TLSv1.2 RFC, this version of TLS provides a "signature_algorithms" extension for the client_hello.

Data Structures


If a bad signature is sent after the renegotiation, the structure will be corrupted, because the structure pointer
s->c->shared_sigalgs will be NULL, while the number of algorithms,
s->c->shared_sigalgslen, will not be zeroed.
This is interpreted as one algorithm to process, but the pointer points to address 0x00.


tls1_process_sigalgs() will then try to process one signature algorithm (because shared_sigalgslen=1); sigptr will point to c->shared_sigalgs (NULL), and the function will try to dereference sigptr->rhash.


This means a segmentation fault in the tls1_process_sigalgs() function, which is called by tls1_set_server_sigalgs(), which in turn is called from ssl3_client_hello(), as the stack trace shows.




StackTrace

The following code points sigptr to NULL and tries to read sigptr->rsign, which is assembled as movzbl eax, byte ptr [0x0+R12]. Note in the register window that R12 is 0x00.

Debugger in the crash point.


radare2 static decompiled


The patch fixes the vulnerability by zeroing the sigalgslen.
Get David A. Ramos' proof-of-concept exploit here
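The stale-length condition and the fix described above can be modelled in a few lines of C. This is an added example, not OpenSSL's code and not from the original post; `cert_model_t`, `reset_unpatched`, `reset_patched` and `renegotiate` are hypothetical names, and the structure holds only the two fields the post mentions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>

/* Simplified model (assumption): only the fields named in the post. */
typedef struct { unsigned char rsign, rhash; } sigalg_t;
typedef struct {
    sigalg_t *shared_sigalgs;    /* NULL once the list is discarded */
    size_t    shared_sigalgslen; /* number of entries the loop will read */
} cert_model_t;

/* Pre-patch behaviour as described: pointer cleared, count left stale. */
static void reset_unpatched(cert_model_t *c) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
}

/* Patched behaviour as described: the count is zeroed as well. */
static void reset_patched(cert_model_t *c) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
    c->shared_sigalgslen = 0;
}

/* Walks the list like the processing loop. Returns the number of entries
 * read, or -1 at the point where the real code would read sigptr->rhash
 * through a NULL pointer (the guard stands in for the segfault). */
static int process_sigalgs(const cert_model_t *c) {
    int n = 0;
    for (size_t i = 0; i < c->shared_sigalgslen; i++) {
        const sigalg_t *sigptr = c->shared_sigalgs;
        if (sigptr == NULL) return -1;      /* crash point in the post */
        (void)sigptr[i].rhash;
        n++;
    }
    return n;
}

/* One negotiated algorithm, then a renegotiation that discards the list. */
static int renegotiate(void (*reset)(cert_model_t *)) {
    cert_model_t c = { malloc(sizeof(sigalg_t)), 1 };
    if (c.shared_sigalgs == NULL) return -2;
    c.shared_sigalgs->rsign = 1;            /* constructed sample values */
    c.shared_sigalgs->rhash = 4;
    reset(&c);
    return process_sigalgs(&c);
}

int main(void) {
    printf("unpatched: %d\n", renegotiate(reset_unpatched));
    printf("patched:   %d\n", renegotiate(reset_patched));
    return 0;
}
```

With the count zeroed, the loop body never runs, so the NULL pointer is never read.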




