TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)

Posted by KP-3မိသားစု


OpenSSL 1.0.2a fixes several security issues; one of them lets an attacker remotely crash TLSv1.2-based services from the internet.


According to the TLSv1.2 RFC, this version of TLS provides a "signature_algorithms" extension for the client_hello.

Data Structures


If a bad signature is sent after the renegotiation, the structure will be corrupted, because the structure pointer
s->c->shared_sigalgs will be NULL, while the number of algorithms,
s->c->shared_sigalgslen, will not be zeroed.
This will be interpreted as one algorithm to process, but the pointer points to address 0x00.


Then tls1_process_sigalgs() will try to process one signature algorithm (because shared_sigalgslen=1): sigptr will point to c->shared_sigalgs (NULL), and the function will then try to dereference sigptr->rhash.


This means a segmentation fault in the tls1_process_sigalgs() function, which is called by tls1_set_server_sigalgs(), which in turn is called from ssl3_client_hello(), as the stack trace shows.




StackTrace

The following code points sigptr to NULL and tries to read sigptr->rsign, which is assembled as movzbl eax, byte ptr [0x0+R12]; note in the register window that R12 is 0x00.

Debugger in the crash point.


radare2 static decompiled


The patch fixes the vulnerability by zeroing the sigalgslen.
Get David A. Ramos' proof of concept exploit here
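The stale-length state described above, and the effect of zeroing the length, can be reproduced in a small model. This is an added example, not OpenSSL source code and not the proof of concept: the types sigalg_model and cert_model, the reset and scenario functions, and the sample values are assumptions made for illustration; only the field names shared_sigalgs, shared_sigalgslen, rsign and rhash come from the article.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model with hypothetical types; not OpenSSL source code. */
typedef struct { unsigned char rsign, rhash; } sigalg_model;
typedef struct {
    sigalg_model *shared_sigalgs;   /* list of shared algorithms */
    size_t shared_sigalgslen;       /* number of entries in the list */
} cert_model;

/* Unpatched state from the article: pointer is NULL, count is stale. */
static void reset_unpatched(cert_model *c) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
}

/* Patched behaviour: pointer and count are cleared together. */
static void reset_patched(cert_model *c) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
    c->shared_sigalgslen = 0;
}

/* Consumer: returns the number of usable entries, or -1 when the
 * pointer/length pair is inconsistent (the state that crashed). */
static int process_sigalgs(const cert_model *c) {
    int usable = 0;
    if ((c->shared_sigalgs == NULL) != (c->shared_sigalgslen == 0))
        return -1;                  /* refuse instead of reading sigptr->rhash */
    for (size_t i = 0; i < c->shared_sigalgslen; i++) {
        const sigalg_model *sigptr = &c->shared_sigalgs[i];
        if (sigptr->rhash != 0) usable++;
    }
    return usable;
}

/* One negotiated algorithm (constructed values), a reset, then processing. */
static int run_scenario(int patched) {
    cert_model c = { malloc(sizeof(sigalg_model)), 1 };
    if (c.shared_sigalgs == NULL) return -2;
    c.shared_sigalgs[0] = (sigalg_model){ 1, 4 };
    if (patched) reset_patched(&c); else reset_unpatched(&c);
    return process_sigalgs(&c);
}

int main(void) {
    printf("unpatched: %d, patched: %d\n", run_scenario(0), run_scenario(1));
    return 0;
}
```

The unpatched path returns -1 because the consumer sees a NULL list with a count of one; the patched path returns 0 because both fields were cleared together.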




