TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)

OpenSSL 1.0.2a fix several security issues, one of them let crash TLSv1.2 based services remotelly from internet.


Regarding to the TLSv1.2 RFC,  this version of TLS provides a "signature_algorithms" extension for the client_hello. 

Data Structures

If a bad signature is sent after the renegotiation, the structure will be corrupted, becouse structure pointer:
s->c->shared_sigalgs will be NULL, and the number of algorithms:
s->c->shared_sigalgslen will not be zeroed.
Which will be interpreted as one algorithm to process, but the pointer points to 0x00 address. 

Then tls1_process_sigalgs() will try to process one signature algorithm (becouse of shared_sigalgslen=1) then sigptr will be pointer to c->shared_sigalgs (NULL) and then will try to derreference sigptr->rhash. 

This mean a Segmentation Fault in  tls1_process_sigalgs() function, and called by tls1_set_server_sigalgs() with is called from ssl3_client_hello() as the stack trace shows.

StackTrace

The following code, points sigptr to null and try to read sigptr->rsign, which is assembled as movzbl eax,  byte ptr [0x0+R12] note in register window that R12 is 0x00

Debugger in the crash point.

radare2 static decompiled

The patch fix the vulnerability zeroing the sigalgslen.
Get  David A. Ramos' proof of concept exploit here

Read more

1. Hacker Tools Free Download
2. Usb Pentest Tools
3. Pentest Tools Url Fuzzer
4. Hacking Tools Software
5. Hacking Tools Pc
6. Game Hacking
7. Free Pentest Tools For Windows
8. Wifi Hacker Tools For Windows
9. Hacker Tools For Pc
10. Hack Tools For Mac
11. Bluetooth Hacking Tools Kali
12. Pentest Tools Download
13. Hacker Hardware Tools
14. Android Hack Tools Github
15. Hacker Tool Kit
16. Pentest Tools Nmap
17. Hackrf Tools
18. Hacker Hardware Tools
19. Hack Tool Apk No Root
20. Hacker Tools For Ios
21. Hacking Tools And Software
22. Hacker Tools Free
23. Pentest Tools Alternative
24. Hacking Tools Mac
25. Hacking Tools For Kali Linux
26. Pentest Box Tools Download
27. Pentest Tools Website Vulnerability
28. Hack Tools Github
29. Kik Hack Tools
30. Hack Website Online Tool
31. Hacking Tools 2020
32. Free Pentest Tools For Windows
33. Pentest Tools Android
34. Black Hat Hacker Tools
35. Pentest Tools Github
36. Pentest Tools For Mac
37. Pentest Tools For Windows
38. Best Hacking Tools 2020
39. Hacking Tools Online
40. Hacker Tools Apk
41. Hacker Tools For Ios
42. Hack Tool Apk No Root
43. Pentest Tools
44. Hackrf Tools
45. Termux Hacking Tools 2019
46. Pentest Tools Nmap
47. Ethical Hacker Tools
48. Hacker Tool Kit
49. Android Hack Tools Github
50. Best Hacking Tools 2019
51. Hacker Tools Apk Download
52. Hacking Tools For Windows
53. Hacking Tools Mac
54. Pentest Tools Framework
55. Usb Pentest Tools
56. Github Hacking Tools
57. What Is Hacking Tools
58. Hacking Tools Software
59. Hacker Tool Kit
60. Pentest Automation Tools
61. Pentest Tools Find Subdomains
62. Hak5 Tools
63. Hack Tools Mac
64. Usb Pentest Tools
65. Hacker Tools Windows
66. Pentest Tools Url Fuzzer
67. Hacker Tools Hardware
68. What Is Hacking Tools
69. Hacking Tools Name
70. Hack Tools For Windows
71. Hack Tools
72. Pentest Tools Tcp Port Scanner
73. Hacker Tools Hardware
74. Hacker Tools Apk Download
75. Hacking Tools Usb
76. Pentest Tools Open Source
77. Pentest Tools Port Scanner
78. Pentest Tools Alternative
79. Pentest Tools Framework
80. Hacker Tools For Ios
81. New Hack Tools
82. Pentest Tools Website Vulnerability
83. Hacker Tools Free
84. Hack And Tools
85. Ethical Hacker Tools
86. Hacking Tools For Kali Linux
87. Hacker Tools
88. Best Pentesting Tools 2018
89. Pentest Tools Windows
90. Hack Tool Apk
91. Hack Tools Github
92. Hacking Tools Mac
93. Hacker Tools
94. Pentest Tools For Ubuntu
95. Hacking Tools For Windows
96. Pentest Automation Tools
97. Tools Used For Hacking
98. Computer Hacker
99. Pentest Box Tools Download
100. Hack Tools For Ubuntu
101. Hacker Tools Mac
102. Top Pentest Tools
103. Best Pentesting Tools 2018
104. Hacker Tools 2019
105. Underground Hacker Sites
106. How To Install Pentest Tools In Ubuntu
107. Nsa Hack Tools
108. Hacking Tools Kit
109. Black Hat Hacker Tools
110. Hacking Tools For Kali Linux
111. Pentest Tools Bluekeep
112. Bluetooth Hacking Tools Kali
113. Pentest Tools Linux
114. Hack Tools For Ubuntu
115. Pentest Box Tools Download
116. Game Hacking
117. Wifi Hacker Tools For Windows
118. Hack Tools
119. Pentest Automation Tools
120. Hack Tools Online
121. Pentest Box Tools Download
122. Hacker Tools Linux
123. Tools Used For Hacking
124. Hacking Apps
125. Growth Hacker Tools
126. Hacker Tools Github
127. Top Pentest Tools
128. Hacker
129. Kik Hack Tools
130. Hacking Tools For Games
131. Hacking Tools Download
132. Hacker
133. Computer Hacker
134. Pentest Reporting Tools
135. Bluetooth Hacking Tools Kali
136. Hack Website Online Tool
137. Hack Tools Pc
138. Hacking Tools Mac
139. Nsa Hack Tools Download
140. Bluetooth Hacking Tools Kali
141. Hack Tools 2019
142. Hack Tools Download
143. Hacking Tools For Games
144. Pentest Tools Subdomain
145. Hacker Search Tools
146. Hacking Tools Software
147. Hack Tools 2019
148. Tools For Hacker
149. Pentest Automation Tools
150. Ethical Hacker Tools
151. Hacking Tools Name
152. Hacking Tools 2019
153. Hack Tools Github
154. Pentest Reporting Tools
155. Hack Tools For Windows
156. Hacker Tools Online
157. Pentest Tools Android
158. Hacking Tools Mac
159. Ethical Hacker Tools
160. Game Hacking
161. Hacking Tools For Windows Free Download
162. Pentest Tools Bluekeep
163. Hacking Tools Free Download

Tweet

Postingan terkait:

Ditulis ceo.rss — Senin, 22 Januari 2024 — Add Comment