TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)

OpenSSL 1.0.2a fix several security issues, one of them let crash TLSv1.2 based services remotelly from internet.


Regarding to the TLSv1.2 RFC,  this version of TLS provides a "signature_algorithms" extension for the client_hello. 

Data Structures

If a bad signature is sent after the renegotiation, the structure will be corrupted, becouse structure pointer:
s->c->shared_sigalgs will be NULL, and the number of algorithms:
s->c->shared_sigalgslen will not be zeroed.
Which will be interpreted as one algorithm to process, but the pointer points to 0x00 address. 

Then tls1_process_sigalgs() will try to process one signature algorithm (becouse of shared_sigalgslen=1) then sigptr will be pointer to c->shared_sigalgs (NULL) and then will try to derreference sigptr->rhash. 

This mean a Segmentation Fault in  tls1_process_sigalgs() function, and called by tls1_set_server_sigalgs() with is called from ssl3_client_hello() as the stack trace shows.

StackTrace

The following code, points sigptr to null and try to read sigptr->rsign, which is assembled as movzbl eax,  byte ptr [0x0+R12] note in register window that R12 is 0x00

Debugger in the crash point.

radare2 static decompiled

The patch fix the vulnerability zeroing the sigalgslen.
Get  David A. Ramos' proof of concept exploit here





Related posts

1. Hack And Tools
2. Pentest Tools Framework
3. Hacker Security Tools
4. Android Hack Tools Github
5. Hack Tools
6. Hack Tools For Ubuntu
7. Hacking Tools Free Download
8. Hacking Tools For Windows 7
9. What Is Hacking Tools
10. Hacker Tools For Mac
11. Hacker
12. Hackrf Tools
13. Hacker Tools For Mac
14. Hacking Tools Hardware
15. Hacker Tools For Mac
16. Hack Apps
17. Hacker Tools Hardware
18. World No 1 Hacker Software
19. Hack Tool Apk
20. Pentest Tools Android
21. Hack Tools Pc
22. Nsa Hack Tools Download
23. Free Pentest Tools For Windows
24. Pentest Tools Kali Linux
25. New Hack Tools
26. Nsa Hacker Tools
27. Hacking Tools Name
28. Pentest Tools Website Vulnerability
29. Beginner Hacker Tools
30. Hacker Tools For Pc
31. Hacker Tools For Mac
32. Pentest Tools Port Scanner
33. Hack Tools Download
34. Hacker Tools For Mac
35. How To Hack
36. Hacking Tools For Windows 7
37. Hacking Tools Online
38. Pentest Tools Find Subdomains
39. Pentest Tools For Mac
40. Hacking Tools Pc
41. Hacker Tools For Windows
42. Hacking App
43. Game Hacking
44. Kik Hack Tools
45. Hacking Tools Github
46. Hack Tools Download
47. Pentest Tools Download
48. Hacking Tools For Mac
49. Pentest Tools Nmap
50. New Hack Tools
51. Hack Tools Online
52. Pentest Tools Alternative
53. Android Hack Tools Github
54. Pentest Box Tools Download
55. Computer Hacker
56. Hack Tools
57. Pentest Tools For Windows
58. Hacking Tools For Windows 7
59. What Are Hacking Tools
60. Hacker Tools 2020
61. Beginner Hacker Tools
62. Hack Tools
63. Hack Tools For Mac
64. Hack Rom Tools
65. Top Pentest Tools
66. Hacking Tools For Windows
67. Hacking Tools Name
68. Hacker Tools Online
69. Hacking Tools Software
70. Pentest Tools Port Scanner
71. How To Install Pentest Tools In Ubuntu
72. What Are Hacking Tools
73. Pentest Automation Tools
74. Hacker Tools For Windows
75. Hack Tools Mac
76. Hacker Tools Free Download
77. Computer Hacker
78. Bluetooth Hacking Tools Kali
79. Hack And Tools
80. Hacker Tools Linux
81. Pentest Tools Url Fuzzer
82. Hacker Tools
83. Hacker Tools Hardware
84. Pentest Tools Subdomain
85. Hack Tools Download
86. Best Hacking Tools 2020
87. Hacking Tools 2020
88. Hacking Tools Windows
89. Hacking Tools For Windows
90. Nsa Hacker Tools
91. Growth Hacker Tools
92. Hack Tools Download
93. Hack Tools
94. Pentest Tools Open Source
95. Install Pentest Tools Ubuntu
96. Pentest Tools Website Vulnerability
97. Hacking App
98. Pentest Tools For Android
99. Hacking Tools For Mac
100. Hacker Tools Apk Download
101. Wifi Hacker Tools For Windows
102. Pentest Tools Bluekeep
103. Pentest Tools Tcp Port Scanner
104. Pentest Tools Free
105. Hacker Tools Github
106. Pentest Tools Port Scanner
107. Hacker Search Tools
108. Hacking Tools
109. Hacker Security Tools
110. Pentest Tools For Windows
111. Pentest Tools Find Subdomains
112. Pentest Tools Kali Linux
113. Tools Used For Hacking
114. Pentest Automation Tools
115. Pentest Tools Bluekeep
116. Hack Tools For Ubuntu
117. Ethical Hacker Tools
118. Pentest Tools Windows
119. Hacker Tools For Pc
120. New Hack Tools
121. Hacker Hardware Tools
122. Hack And Tools
123. Hacking Tools Windows
124. Hacking Tools For Windows 7
125. Hacker Tools For Windows
126. What Are Hacking Tools
127. Hacker Tools 2019
128. Ethical Hacker Tools
129. Github Hacking Tools
130. Game Hacking
131. Hak5 Tools
132. Nsa Hack Tools Download
133. Hack Website Online Tool
134. Top Pentest Tools
135. Best Pentesting Tools 2018
136. Hack Tools
137. Hack Tools 2019
138. Pentest Tools Port Scanner
139. Free Pentest Tools For Windows
140. Hacking Tools Github
141. Ethical Hacker Tools
142. Hacking Tools Hardware
143. Hack Apps
144. Hacking Tools Online
145. Easy Hack Tools
146. Hacking Tools For Beginners
147. Hacker Tools For Mac
148. Pentest Tools Bluekeep
149. Wifi Hacker Tools For Windows
150. Pentest Tools Online
151. Pentest Tools Url Fuzzer
152. Pentest Tools Url Fuzzer
153. Hack Tools
154. Easy Hack Tools
155. Hacking Tools Mac
156. Hacker Tools For Mac
157. Hack Tools
158. Hack Tools Pc
159. Pentest Tools Find Subdomains
160. Pentest Tools Website
161. Pentest Tools Open Source
162. Pentest Tools Download
163. Hacker Techniques Tools And Incident Handling
164. What Are Hacking Tools
165. Hacking Tools Software
166. Hacker Tools 2020
167. Hackrf Tools
168. Best Hacking Tools 2020
169. Hacker Tools List
170. Hacker