2024年1月25日木曜日

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fix several security issues, one of them let crash TLSv1.2 based services remotelly from internet.


Regarding to the TLSv1.2 RFC,  this version of TLS provides a "signature_algorithms" extension for the client_hello. 

Data Structures
If a bad signature is sent after the renegotiation, the structure will be corrupted, becouse structure pointer:
s->c->shared_sigalgs will be NULL, and the number of algorithms:
s->c->shared_sigalgslen will not be zeroed.
Which will be interpreted as one algorithm to process, but the pointer points to 0x00 address. 


Then tls1_process_sigalgs() will try to process one signature algorithm (becouse of shared_sigalgslen=1) then sigptr will be pointer to c->shared_sigalgs (NULL) and then will try to derreference sigptr->rhash. 


This mean a Segmentation Fault in  tls1_process_sigalgs() function, and called by tls1_set_server_sigalgs() with is called from ssl3_client_hello() as the stack trace shows.




StackTrace

The following code, points sigptr to null and try to read sigptr->rsign, which is assembled as movzbl eax,  byte ptr [0x0+R12] note in register window that R12 is 0x00

Debugger in the crash point.


radare2 static decompiled


The patch fix the vulnerability zeroing the sigalgslen.
Get  David A. Ramos' proof of concept exploit here





More info
  1. Hacker Tools Linux
  2. Pentest Tools Github
  3. Hacking Tools Windows 10
  4. Hacking Tools For Windows 7
  5. Hacker Search Tools
  6. Hacker Security Tools
  7. Pentest Tools Linux
  8. How To Make Hacking Tools
  9. Hack Tools For Ubuntu
  10. Hacking Tools For Pc
  11. Pentest Tools Windows
  12. Hacker Tools Mac
  13. Hack Tools For Windows
  14. Hacking Tools Free Download
  15. Hacking Tools For Kali Linux
  16. Game Hacking
  17. How To Hack
  18. World No 1 Hacker Software
  19. Hacking Tools Online
  20. Easy Hack Tools
  21. Hacker Security Tools
  22. Hacking Tools Name
  23. Hacking Tools For Mac
  24. Pentest Tools Bluekeep
  25. Hack Tools Download
  26. Hack Tools For Pc
  27. Pentest Tools Framework
  28. Computer Hacker
  29. Pentest Tools Windows
  30. Hacker Tools Apk Download
  31. Hack Tool Apk
  32. Hacker Tools
  33. Growth Hacker Tools
  34. Hacks And Tools
  35. Top Pentest Tools
  36. Tools Used For Hacking
  37. Hacking Tools Kit
  38. Black Hat Hacker Tools
  39. Hack Tool Apk
  40. Pentest Tools Url Fuzzer
  41. Hacking Tools Download
  42. Top Pentest Tools
  43. Hacking Tools Free Download
  44. Tools Used For Hacking
  45. World No 1 Hacker Software
  46. Hacking Tools Download
  47. Hacking Tools Name
  48. Pentest Tools For Ubuntu
  49. Hack Tool Apk
  50. Pentest Tools Apk
  51. Hacking Tools Online
  52. Physical Pentest Tools
  53. Hacker Security Tools
  54. Hackrf Tools
  55. Nsa Hacker Tools
  56. Hacker Tool Kit
  57. Hack And Tools
  58. Usb Pentest Tools
  59. Hacking Tools For Mac
  60. Pentest Tools Open Source
  61. Kik Hack Tools
  62. Hack Tools For Windows
  63. Pentest Tools Github
  64. Termux Hacking Tools 2019
  65. Hacker
  66. Install Pentest Tools Ubuntu
  67. Hacker Tools List
  68. Hack Tools For Games
  69. Hacking Tools Windows
  70. Best Hacking Tools 2020
  71. Pentest Tools Url Fuzzer
投稿者 時刻:

0 件のコメント:

コメントを投稿

登録: コメントの投稿 (Atom)