Tuesday, May 30, 2023

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fix several security issues, one of them let crash TLSv1.2 based services remotelly from internet.


Regarding to the TLSv1.2 RFC,  this version of TLS provides a "signature_algorithms" extension for the client_hello. 

Data Structures
If a bad signature is sent after the renegotiation, the structure will be corrupted, becouse structure pointer:
s->c->shared_sigalgs will be NULL, and the number of algorithms:
s->c->shared_sigalgslen will not be zeroed.
Which will be interpreted as one algorithm to process, but the pointer points to 0x00 address. 


Then tls1_process_sigalgs() will try to process one signature algorithm (becouse of shared_sigalgslen=1) then sigptr will be pointer to c->shared_sigalgs (NULL) and then will try to derreference sigptr->rhash. 


This mean a Segmentation Fault in  tls1_process_sigalgs() function, and called by tls1_set_server_sigalgs() with is called from ssl3_client_hello() as the stack trace shows.




StackTrace

The following code, points sigptr to null and try to read sigptr->rsign, which is assembled as movzbl eax,  byte ptr [0x0+R12] note in register window that R12 is 0x00

Debugger in the crash point.


radare2 static decompiled


The patch fix the vulnerability zeroing the sigalgslen.
Get  David A. Ramos' proof of concept exploit here





More information
  1. Hacker Tools Mac
  2. Hacking Tools Free Download
  3. Hacker Tools Apk Download
  4. Hacking Tools Kit
  5. Hack Tool Apk
  6. Hacking Tools For Beginners
  7. New Hack Tools
  8. Hack Tools Download
  9. Hacking Tools Windows 10
  10. Hack Tool Apk No Root
  11. Nsa Hacker Tools
  12. New Hacker Tools
  13. Nsa Hack Tools Download
  14. Hacks And Tools
  15. Hack Tools Download
  16. Hacker Tools Apk
  17. Pentest Tools Tcp Port Scanner
  18. How To Hack
  19. Tools 4 Hack
  20. Pentest Tools For Ubuntu
  21. Pentest Tools Subdomain
  22. Hackrf Tools
  23. Hacking App
  24. Hacker Tools For Mac
  25. Pentest Tools Android
  26. Pentest Tools Open Source
  27. Pentest Tools Website
  28. What Are Hacking Tools
  29. Hacking Tools For Beginners
  30. Hack Tools Github
  31. Pentest Tools For Mac
  32. Hacking Tools Usb
  33. Hack Tools
  34. Pentest Tools Tcp Port Scanner
  35. Top Pentest Tools
  36. Pentest Tools Linux
  37. Hacking Tools For Kali Linux
  38. Best Hacking Tools 2019
  39. Free Pentest Tools For Windows
  40. Hacking Tools For Beginners
  41. Free Pentest Tools For Windows
  42. Pentest Tools Kali Linux
  43. Pentest Tools Find Subdomains
  44. Hack Rom Tools
  45. New Hacker Tools
  46. What Is Hacking Tools
  47. Hack Tools For Pc
  48. Hack Tools For Pc
  49. Tools For Hacker
  50. Hacker Tools Windows
  51. Wifi Hacker Tools For Windows
  52. Pentest Tools Linux
  53. Physical Pentest Tools
  54. New Hack Tools
  55. Hacker Search Tools
  56. Pentest Tools Windows
  57. Hacker Tools Free Download
  58. Hacking Tools For Windows 7
  59. Hack Tools Pc
  60. Blackhat Hacker Tools
  61. Hacking Tools Kit
  62. Hack Tool Apk No Root
  63. Hacking Tools For Mac
  64. Hacker Tools Mac
  65. How To Make Hacking Tools
  66. Tools For Hacker
  67. What Are Hacking Tools
  68. Hacker Tools Linux
  69. Hacker
  70. Nsa Hack Tools
  71. Pentest Tools Alternative
  72. Hacking Tools Name
  73. Kik Hack Tools
  74. Nsa Hack Tools
  75. Computer Hacker
  76. Hacker Tools Apk Download
  77. How To Install Pentest Tools In Ubuntu
  78. Pentest Tools For Ubuntu
  79. Hacker Tools Online
  80. Beginner Hacker Tools
  81. Pentest Tools Github
  82. Nsa Hack Tools
  83. How To Make Hacking Tools
  84. Hacking Tools Free Download
  85. Android Hack Tools Github
  86. Pentest Tools Subdomain
  87. Pentest Tools Review
  88. Beginner Hacker Tools
  89. Hacking Tools For Games
  90. Tools Used For Hacking
  91. Pentest Tools Subdomain
  92. Hacking Tools Download
  93. Pentest Tools Linux
  94. Easy Hack Tools
  95. Game Hacking
  96. Hacker Tools Linux
  97. Pentest Tools Kali Linux
  98. Hackers Toolbox
  99. Hacking Tools Pc
  100. Hacker Tools For Pc
  101. Hacking App
  102. Hacker Tools Online
  103. Hacking Tools Windows
  104. Hack Tools Online
  105. Hack Tools 2019
  106. World No 1 Hacker Software
  107. Install Pentest Tools Ubuntu
  108. Android Hack Tools Github
  109. Pentest Tools Kali Linux
  110. Pentest Tools Linux
  111. Hack Tools Download
  112. Hack Website Online Tool
  113. Pentest Tools Download
  114. Hack Rom Tools
  115. Hack Tools Download
  116. Pentest Tools For Android
  117. Hacker Search Tools
  118. Pentest Tools Find Subdomains
  119. Physical Pentest Tools
  120. Nsa Hack Tools
  121. Hack Rom Tools
  122. Nsa Hack Tools
  123. Hack Tools Pc
  124. Hacker Tools For Mac
  125. What Are Hacking Tools
  126. World No 1 Hacker Software
  127. Hacking Tools Kit
  128. Hacking Tools For Windows 7
  129. Pentest Tools Website
  130. Github Hacking Tools
  131. Growth Hacker Tools
  132. Hack App
  133. Hacking Tools Hardware
  134. Hacking Tools For Windows Free Download
  135. Hacker Tools Free Download
  136. Hack Tool Apk
  137. Hacking Tools Mac
  138. Hacking Tools For Beginners
  139. Hacker Search Tools
  140. Hacker Tools Online
  141. Wifi Hacker Tools For Windows
  142. Hackers Toolbox
  143. Hacking Tools Download
  144. Hack Tools Mac
  145. Hacking Tools Name
  146. Hacking Tools For Windows 7
  147. Hack And Tools
  148. Nsa Hack Tools Download
  149. Growth Hacker Tools
  150. What Is Hacking Tools
  151. Hacking Tools Software
  152. Best Hacking Tools 2019
  153. Hacking Tools For Mac
  154. Pentest Tools Tcp Port Scanner
  155. Pentest Tools Online
  156. Hacker
  157. New Hack Tools
  158. Nsa Hack Tools
  159. Easy Hack Tools
  160. Hacker Tools Software
  161. Beginner Hacker Tools
  162. Hacking Tools Kit
  163. Hack Tool Apk
  164. What Are Hacking Tools
  165. Hack And Tools
  166. Hacking Tools For Windows 7
  167. Hackers Toolbox
  168. Usb Pentest Tools
  169. Hacking Tools Software
  170. Hacking Tools For Windows
  171. Hacker Tools Software
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)