Friday, January 26, 2024

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fix several security issues, one of them let crash TLSv1.2 based services remotelly from internet.


Regarding to the TLSv1.2 RFC,  this version of TLS provides a "signature_algorithms" extension for the client_hello. 

Data Structures


If a bad signature is sent after the renegotiation, the structure will be corrupted, becouse structure pointer:
s->c->shared_sigalgs will be NULL, and the number of algorithms:
s->c->shared_sigalgslen will not be zeroed.
Which will be interpreted as one algorithm to process, but the pointer points to 0x00 address. 


Then tls1_process_sigalgs() will try to process one signature algorithm (becouse of shared_sigalgslen=1) then sigptr will be pointer to c->shared_sigalgs (NULL) and then will try to derreference sigptr->rhash. 


This mean a Segmentation Fault in  tls1_process_sigalgs() function, and called by tls1_set_server_sigalgs() with is called from ssl3_client_hello() as the stack trace shows.




StackTrace

The following code, points sigptr to null and try to read sigptr->rsign, which is assembled as movzbl eax,  byte ptr [0x0+R12] note in register window that R12 is 0x00

Debugger in the crash point.


radare2 static decompiled


The patch fix the vulnerability zeroing the sigalgslen.
Get  David A. Ramos' proof of concept exploit here





Read more


  1. Beginner Hacker Tools
  2. Hacking Tools And Software
  3. Hacker Hardware Tools
  4. Hack Tools
  5. Pentest Tools Framework
  6. Hacker Tools Apk Download
  7. Hack Tools Online
  8. Hacking App
  9. Hacking Tools
  10. Hack Tools For Pc
  11. Blackhat Hacker Tools
  12. How To Hack
  13. Install Pentest Tools Ubuntu
  14. Hack App
  15. Hack Tools For Pc
  16. Pentest Box Tools Download
  17. Hacking Tools For Mac
  18. Hack Tools For Games
  19. Hack Tools For Mac
  20. Hack Tools Pc
  21. Pentest Tools Subdomain
  22. Hacker Tools Mac
  23. Hacker Tools Free Download
  24. Hacker Tools List
  25. Hacker Tools For Windows
  26. Hacking Tools Download
  27. Pentest Tools Windows
  28. Hack Tools Mac
  29. Hack Tools Download
  30. What Is Hacking Tools
  31. Hacking Tools For Windows 7
  32. Pentest Box Tools Download
  33. Pentest Automation Tools
  34. Hacking Tools For Windows
  35. Hacking Apps
  36. Pentest Tools Kali Linux
  37. Pentest Tools Online
  38. Install Pentest Tools Ubuntu
  39. Underground Hacker Sites
  40. Hacker Tools 2020
  41. Hacks And Tools
  42. What Are Hacking Tools
  43. Hacker Tools 2019
  44. Hacker Tools Apk
  45. Hacker Tools Free Download
  46. Hacker Tools Apk
  47. Hack Apps
  48. Pentest Tools Subdomain
  49. Hack Tools For Windows
  50. Hacking Tools Hardware
  51. Pentest Reporting Tools
  52. Pentest Tools Review
  53. Hack Tool Apk No Root
  54. Pentest Tools Website Vulnerability
  55. Pentest Tools Alternative
  56. Termux Hacking Tools 2019
  57. Hack Tools Online
  58. Pentest Recon Tools
  59. Hacker Tools Github
  60. Pentest Tools Linux
  61. Hacker Tools Free Download
  62. Hacker Tools 2019
  63. Hacking Tools Windows
  64. World No 1 Hacker Software
  65. Pentest Tools Bluekeep
  66. Hacker Tools Free
  67. Hacking Tools Pc
  68. Pentest Tools Alternative
  69. Kik Hack Tools
  70. Hack Tools
  71. Pentest Tools Review
  72. Hacking Tools Windows 10
  73. Pentest Tools Find Subdomains
  74. Pentest Tools Tcp Port Scanner
  75. Hacking Tools For Pc
  76. Pentest Recon Tools
  77. Hacker Tools Github
  78. Pentest Box Tools Download
  79. Pentest Reporting Tools
  80. Hacker Tools For Mac
  81. Pentest Tools Apk
  82. Game Hacking
  83. Tools 4 Hack
  84. World No 1 Hacker Software
  85. Hacking Tools Windows 10
  86. Hacking Tools Download
  87. Hacker Tools
  88. Hacking Apps
  89. Hacking Tools Windows
  90. Termux Hacking Tools 2019
  91. Hack Tool Apk
  92. Pentest Automation Tools
  93. Hack Tools Online
  94. Pentest Tools Subdomain
  95. Pentest Tools Url Fuzzer
  96. Hack Website Online Tool
  97. Pentest Tools Subdomain
  98. What Is Hacking Tools
  99. How To Install Pentest Tools In Ubuntu
  100. Hacking Tools For Kali Linux
  101. Top Pentest Tools
  102. What Are Hacking Tools
  103. Pentest Tools Free
  104. Hacking Tools Mac
  105. Termux Hacking Tools 2019
  106. Physical Pentest Tools
  107. Kik Hack Tools
  108. Hacking Tools Software
  109. Pentest Tools Review
  110. Hacker Tools Apk Download
  111. Hacking Tools
  112. Hack App
  113. Game Hacking
  114. Hacking Tools Software
  115. Hacking Tools For Mac
  116. Hacker Search Tools
  117. Pentest Automation Tools
  118. Hack Tools Online
  119. How To Hack
  120. Best Hacking Tools 2019
  121. Ethical Hacker Tools
  122. Pentest Tools Windows
  123. What Is Hacking Tools
  124. Hacker Tool Kit
  125. Hack Tools For Windows
  126. Hacking Tools For Games
  127. Hacking Tools For Pc
  128. Wifi Hacker Tools For Windows
  129. Hacking Tools And Software
  130. Tools For Hacker
  131. Pentest Tools Download
  132. Pentest Tools Kali Linux
  133. Pentest Recon Tools
  134. Hacker Tools Github
  135. Hacker Hardware Tools
  136. Hack Tools
  137. Hacking Tools And Software
  138. Hacker
  139. Termux Hacking Tools 2019
  140. Hack Tools For Windows
  141. Install Pentest Tools Ubuntu
  142. Hacker Security Tools
  143. Hacking Tools Hardware
  144. Hacking Tools For Games
  145. Hack Tools Download
  146. Hacks And Tools
  147. Hacking Tools Free Download

No comments:

Post a Comment