TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)

Saturday, January 27, 2024


OpenSSL 1.0.2a fixes several security issues; one of them lets TLSv1.2-based services be crashed remotely from the internet.


According to the TLSv1.2 RFC, this version of TLS provides a "signature_algorithms" extension for the client_hello.

Data Structures


If a bad signature is sent after the renegotiation, the structure is corrupted, because the structure pointer
s->c->shared_sigalgs will be NULL, while the number of algorithms,
s->c->shared_sigalgslen, will not be zeroed.
This is interpreted as one algorithm to process, but the pointer points to address 0x00.


tls1_process_sigalgs() will then try to process one signature algorithm (because shared_sigalgslen=1): sigptr is set to c->shared_sigalgs (NULL), and the function then tries to dereference sigptr->rhash.


This means a segmentation fault in the tls1_process_sigalgs() function, which is called by tls1_set_server_sigalgs(), which in turn is called from ssl3_client_hello(), as the stack trace shows.




StackTrace

The following code points sigptr to NULL and tries to read sigptr->rsign, which is assembled as movzbl eax, byte ptr [0x0+R12]. Note in the register window that R12 is 0x00.

Debugger in the crash point.


radare2 static decompiled


The patch fixes the vulnerability by zeroing the sigalgslen.
Get David A. Ramos' proof-of-concept exploit here.
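The stale-length condition and the length-zeroing fix described above, as a simplified model added here (not OpenSSL's code and not from the original post). The type names, `renegotiate()` and the `patched` flag are assumptions for illustration, and the processing loop reports the inconsistent state instead of reading through NULL.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins for the state described above, not OpenSSL's types. */
typedef struct { unsigned char rsign, rhash; } sigalg_t;
typedef struct { sigalg_t *shared_sigalgs; size_t shared_sigalgslen; } cert_state_t;

/* Rebuild the shared list; patched=1 also zeroes the stale length, as the fix does. */
static int set_shared_sigalgs(cert_state_t *c, const sigalg_t *offer, size_t n, int patched) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
    if (patched)
        c->shared_sigalgslen = 0;
    if (n == 0)
        return 1;                      /* nothing shared: pointer stays NULL */
    c->shared_sigalgs = malloc(n * sizeof(*offer));
    if (c->shared_sigalgs == NULL)
        return 0;
    memcpy(c->shared_sigalgs, offer, n * sizeof(*offer));
    c->shared_sigalgslen = n;
    return 1;
}

/* Count entries with a hash set. Returns -1 for the inconsistent state
 * (NULL pointer, non-zero length) where an unchecked loop would read NULL. */
static int process_sigalgs(const cert_state_t *c) {
    int seen = 0;
    if (c->shared_sigalgs == NULL && c->shared_sigalgslen != 0)
        return -1;
    for (size_t i = 0; i < c->shared_sigalgslen; i++)
        seen += (c->shared_sigalgs[i].rhash != 0);
    return seen;
}

/* First hello shares one algorithm; the renegotiation shares none. */
static int renegotiate(int patched) {
    const sigalg_t first[] = { { 1, 4 } };   /* constructed sample values */
    cert_state_t c = { NULL, 0 };
    if (!set_shared_sigalgs(&c, first, 1, patched) || process_sigalgs(&c) != 1)
        return -2;
    set_shared_sigalgs(&c, NULL, 0, patched);
    return process_sigalgs(&c);
}

int main(void) {
    printf("unpatched=%d patched=%d\n", renegotiate(0), renegotiate(1));
    return 0;
}
```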




