Sunday, 23 August 2020

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fixes several security issues; one of them allows TLSv1.2-based services to be crashed remotely from the internet.


According to the TLSv1.2 RFC, this version of TLS provides a "signature_algorithms" extension for the client_hello.

Data Structures


If a bad signature is sent after the renegotiation, the structure will be corrupted, because the structure pointer
s->c->shared_sigalgs will be NULL, while the number of algorithms,
s->c->shared_sigalgslen, will not be zeroed.
This will be interpreted as one algorithm to process, but the pointer points to address 0x00.


Then tls1_process_sigalgs() will try to process one signature algorithm (because shared_sigalgslen=1): sigptr will point to c->shared_sigalgs (NULL), and the function will then try to dereference sigptr->rhash.


This means a segmentation fault in the tls1_process_sigalgs() function, which is called by tls1_set_server_sigalgs(), which in turn is called from ssl3_client_hello(), as the stack trace shows.




StackTrace

The following code points sigptr to NULL and tries to read sigptr->rsign, which is assembled as movzbl eax, byte ptr [0x0+R12]. Note in the register window that R12 is 0x00.

Debugger in the crash point.


radare2 static decompiled


The patch fixes the vulnerability by zeroing the sigalgslen.
Get David A. Ramos' proof of concept exploit here
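
The stale-length state and the fix described above, as a simplified C model added here (it is not OpenSSL's code or the author's). The `cert` and `sigalg` types, the helper function names and the sample values are assumptions; only the field names `shared_sigalgs`, `shared_sigalgslen`, `sigptr`, `rhash` and `rsign` come from the post.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of the two fields named in the post; not OpenSSL's real structs. */
typedef struct { unsigned char rsign, rhash; } sigalg;
typedef struct { sigalg *shared_sigalgs; size_t shared_sigalgslen; } cert;

/* Pre-patch behaviour: the old list is dropped but its length survives. */
static void reset_unpatched(cert *c) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
}

/* Patched behaviour: pointer and length are cleared together. */
static void reset_patched(cert *c) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
    c->shared_sigalgslen = 0;
}

/* Walks the shared list like the loop in the post. Returns entries processed,
 * or -1 where the real code would read sigptr->rhash through a NULL pointer. */
static int process_sigalgs(const cert *c) {
    int n = 0;
    for (size_t i = 0; i < c->shared_sigalgslen; i++) {
        const sigalg *sigptr = c->shared_sigalgs ? &c->shared_sigalgs[i] : NULL;
        if (sigptr == NULL)
            return -1;               /* len > 0 with NULL array: the crash state */
        if (sigptr->rhash && sigptr->rsign)
            n++;
    }
    return n;
}

/* First handshake shares one algorithm; the renegotiation shares none. */
static int renegotiate(void (*reset)(cert *)) {
    cert c = { malloc(sizeof(sigalg)), 1 };
    if (c.shared_sigalgs == NULL) return -2;
    c.shared_sigalgs[0] = (sigalg){ 1, 4 };   /* constructed sample values */
    if (process_sigalgs(&c) != 1) { free(c.shared_sigalgs); return -2; }
    reset(&c);                                /* no shared list is rebuilt */
    return process_sigalgs(&c);
}

int main(void) {
    printf("unpatched: %d\n", renegotiate(reset_unpatched));
    printf("patched:   %d\n", renegotiate(reset_patched));
    return 0;
}
```

The model reports the inconsistent state instead of faulting so that it can be run safely; a count and a pointer that describe the same buffer should always be cleared in the same place.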




