Saturday, 27 January 2024

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fixes several security issues; one of them allows TLSv1.2-based services to be crashed remotely from the internet.


According to the TLSv1.2 RFC, this version of TLS provides a "signature_algorithms" extension for the client_hello.

Data Structures


If a bad signature is sent after the renegotiation, the structure will be corrupted, because the structure pointer
s->c->shared_sigalgs will be NULL, while the number of algorithms
s->c->shared_sigalgslen will not be zeroed.
This will be interpreted as one algorithm to process, but the pointer points to address 0x00.


Then tls1_process_sigalgs() will try to process one signature algorithm (because shared_sigalgslen=1), so sigptr will point to c->shared_sigalgs (NULL), and the function will then try to dereference sigptr->rhash.


This means a segmentation fault in the tls1_process_sigalgs() function, which is called by tls1_set_server_sigalgs(), which in turn is called from ssl3_client_hello(), as the stack trace shows.




StackTrace

The following code points sigptr to NULL and tries to read sigptr->rsign, which is assembled as movzbl eax, byte ptr [0x0+R12]; note in the register window that R12 is 0x00.

Debugger at the crash point.


radare2 static decompiled


The patch fixes the vulnerability by zeroing the sigalgslen.
Get David A. Ramos' proof of concept exploit here
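The stale-length state described above, as an added example: a simplified C model that is not OpenSSL source code. Only the field names shared_sigalgs, shared_sigalgslen, rhash and rsign come from the post; the types, the function names and the guard in process_sigalgs() are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model, NOT OpenSSL source: only the field names follow the post. */
typedef struct { unsigned char rhash, rsign; } sigalg_t;
typedef struct {
    sigalg_t *shared_sigalgs;     /* negotiated algorithm entries */
    size_t    shared_sigalgslen;  /* number of entries behind the pointer */
} cert_t;

/* Pre-patch behaviour as the post describes it: pointer reset, count left stale. */
void reset_shared_vulnerable(cert_t *c) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
}

/* Patched behaviour: pointer and count are reset together. */
void reset_shared_fixed(cert_t *c) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
    c->shared_sigalgslen = 0;
}

/* Consumer loop in the style of tls1_process_sigalgs(), plus a hypothetical
   guard: returns -1 when the count claims entries the pointer cannot back
   (the state that faults in the unguarded loop), else the entries handled. */
int process_sigalgs(const cert_t *c) {
    if (c->shared_sigalgs == NULL && c->shared_sigalgslen != 0)
        return -1;
    int n = 0;
    for (size_t i = 0; i < c->shared_sigalgslen; i++) {
        const sigalg_t *sigptr = &c->shared_sigalgs[i];
        n += (sigptr->rhash != 0);   /* the read that hits address 0x00 */
    }
    return n;
}

/* First handshake shares one algorithm (constructed values); the
   renegotiation shares none, so the chosen reset function runs. */
int renegotiate_and_process(void (*reset)(cert_t *)) {
    cert_t c = { malloc(sizeof(sigalg_t)), 1 };
    if (c.shared_sigalgs == NULL) return -2;
    c.shared_sigalgs[0].rhash = 4;
    c.shared_sigalgs[0].rsign = 1;
    reset(&c);
    return process_sigalgs(&c);
}

int main(void) {
    printf("pre-patch reset: %d\n", renegotiate_and_process(reset_shared_vulnerable));
    printf("patched reset:   %d\n", renegotiate_and_process(reset_shared_fixed));
    return 0;
}
```

The -1 result marks the NULL pointer with a non-zero count, which is the combination that leads to the read through sigptr at the crash point; with the count zeroed the loop body never runs.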




