TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)

Posted in 1:57 AM

OpenSSL 1.0.2a fix several security issues, one of them let crash TLSv1.2 based services remotelly from internet.


Regarding to the TLSv1.2 RFC,  this version of TLS provides a "signature_algorithms" extension for the client_hello. 

Data Structures


If a bad signature is sent after the renegotiation, the structure will be corrupted, becouse structure pointer:
s->c->shared_sigalgs will be NULL, and the number of algorithms:
s->c->shared_sigalgslen will not be zeroed.
Which will be interpreted as one algorithm to process, but the pointer points to 0x00 address. 


Then tls1_process_sigalgs() will try to process one signature algorithm (becouse of shared_sigalgslen=1) then sigptr will be pointer to c->shared_sigalgs (NULL) and then will try to derreference sigptr->rhash. 


This mean a Segmentation Fault in  tls1_process_sigalgs() function, and called by tls1_set_server_sigalgs() with is called from ssl3_client_hello() as the stack trace shows.




StackTrace

The following code, points sigptr to null and try to read sigptr->rsign, which is assembled as movzbl eax,  byte ptr [0x0+R12] note in register window that R12 is 0x00

Debugger in the crash point.


radare2 static decompiled


The patch fix the vulnerability zeroing the sigalgslen.
Get  David A. Ramos' proof of concept exploit here





Related articles


  1. Game Hacking
  2. Hacker Tools List
  3. Pentest Reporting Tools
  4. Pentest Tools Subdomain
  5. New Hacker Tools
  6. Pentest Tools Website
  7. Hack Tools Download
  8. Bluetooth Hacking Tools Kali
  9. Pentest Tools Website
  10. Hacker Tools For Ios
  11. Pentest Tools Github
  12. Pentest Tools Download
  13. Hacking Tools Windows
  14. Hacker Tools Online
  15. Tools Used For Hacking
  16. Hacking Tools 2019
  17. Bluetooth Hacking Tools Kali
  18. Hacks And Tools
  19. Hacking Tools Online
  20. What Are Hacking Tools
  21. Pentest Tools Review
  22. Hacking Tools For Pc
  23. Wifi Hacker Tools For Windows
  24. Hack Tool Apk
  25. Hacker Security Tools
  26. Hacking Tools Usb
  27. Hacking Tools Pc
  28. Hacking Tools Windows
  29. Hacking App
  30. Hacking Tools Usb
  31. Pentest Tools Port Scanner
  32. Hacker Tool Kit
  33. Pentest Tools Subdomain
  34. Hacking Tools Download
  35. Hacking Tools
  36. Hack And Tools
  37. Pentest Tools Review
  38. Install Pentest Tools Ubuntu
  39. Pentest Tools Subdomain
  40. Pentest Tools
  41. Hacker Tools Online
  42. Hacking Tools Online
  43. Hacker Tools Online
  44. Hackrf Tools
  45. Growth Hacker Tools
  46. Pentest Tools For Android
  47. Hacking Tools Pc
  48. Blackhat Hacker Tools
  49. Pentest Tools Find Subdomains
  50. Physical Pentest Tools
  51. Black Hat Hacker Tools
  52. Pentest Tools Github
  53. Android Hack Tools Github
  54. How To Install Pentest Tools In Ubuntu
  55. Pentest Tools Nmap
  56. Hacker Tools
  57. How To Install Pentest Tools In Ubuntu
  58. Hack Tools For Windows
  59. Physical Pentest Tools
  60. Nsa Hacker Tools
  61. Nsa Hack Tools Download
  62. Hackrf Tools
  63. Hack Tools
  64. Hacker Tools
  65. Tools For Hacker
  66. Hacker Tools For Mac
  67. Pentest Tools Nmap
  68. Bluetooth Hacking Tools Kali
  69. Nsa Hack Tools
  70. Hack Tools
  71. Hacker Security Tools
  72. Hacking Tools
  73. Tools Used For Hacking
  74. New Hacker Tools
  75. Nsa Hack Tools Download
  76. Wifi Hacker Tools For Windows
  77. Beginner Hacker Tools
  78. Hacking Tools Name
  79. Install Pentest Tools Ubuntu
  80. Black Hat Hacker Tools
  81. Hacking Apps
  82. Hack Tools Online
  83. Termux Hacking Tools 2019
  84. How To Hack
  85. Hack And Tools
  86. Hack Tools For Pc
  87. Game Hacking
  88. Pentest Tools Open Source
  89. Pentest Tools Open Source
  90. Hacker Tools Free Download
  91. Nsa Hacker Tools
  92. Black Hat Hacker Tools
  93. Hacker Hardware Tools
  94. Pentest Automation Tools
  95. Hack Tools Online
  96. Hacker Tools Apk Download
  97. Pentest Tools Website Vulnerability
  98. Hack Tools Download
  99. Computer Hacker
  100. New Hacker Tools
  101. Pentest Tools Review
  102. Hackrf Tools
  103. Pentest Tools Subdomain
  104. How To Hack
  105. Nsa Hacker Tools
  106. Hacking Apps
  107. Hacking Tools 2019
  108. New Hacker Tools
  109. Android Hack Tools Github
  110. Hack Tools
  111. Pentest Tools Free
  112. Hacking Tools For Windows
  113. Hacker
  114. Hacker Tools Free Download
  115. Bluetooth Hacking Tools Kali
  116. Hacker
  117. Hacker Security Tools
  118. Hacker Tools For Ios
  119. How To Install Pentest Tools In Ubuntu
  120. Hacker Hardware Tools
  121. Free Pentest Tools For Windows
  122. Hack App
  123. Best Hacking Tools 2020
  124. Pentest Tools Open Source
  125. Hacking Tools For Windows 7
  126. Hack Tools Mac
  127. Pentest Tools Kali Linux
  128. Pentest Tools Tcp Port Scanner
  129. Hacking Tools Free Download
  130. Growth Hacker Tools
  131. Pentest Recon Tools
  132. Pentest Tools Open Source
  133. Hacker Tools Github
  134. Hacker Tools Online
  135. Termux Hacking Tools 2019
  136. Hacker Tools Github
  137. Hack Tools For Mac
  138. How To Make Hacking Tools
  139. Hacking Tools 2020
  140. Pentest Automation Tools
  141. Hacker Tools Online
  142. Hacking Tools For Games
  143. Pentest Tools Subdomain
  144. Nsa Hacker Tools
  145. Pentest Tools
  146. Hack Tools For Games
  147. Hacking Tools Pc
  148. What Are Hacking Tools
  149. Pentest Tools Nmap
  150. Pentest Tools List
  151. Hack Tools For Windows
  152. Hacker Tools For Ios
  153. Top Pentest Tools
  154. Pentest Tools For Mac
  155. Hack Tools For Ubuntu
  156. Free Pentest Tools For Windows
  157. Hack Tools
  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • Twitter
  • RSS
Read Users' Comments (0)

0 Response to "TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)"

Post a Comment

Subscribe to: Post Comments (Atom)
Copyright 2009 http://www.letstreamyx.net