Publica tus comentarios, quejas, sugerencias, anécdotas o lo quieras decir al concho o a la comunidad universitaria enviándolo vía e-mail a la dirección que aparece aquí arriba, es decir:

comunidaduc.corcholibre@blogger.com



domingo, 23 de agosto de 2020

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fix several security issues, one of them let crash TLSv1.2 based services remotelly from internet.


Regarding to the TLSv1.2 RFC,  this version of TLS provides a "signature_algorithms" extension for the client_hello. 

Data Structures


If a bad signature is sent after the renegotiation, the structure will be corrupted, becouse structure pointer:
s->c->shared_sigalgs will be NULL, and the number of algorithms:
s->c->shared_sigalgslen will not be zeroed.
Which will be interpreted as one algorithm to process, but the pointer points to 0x00 address. 


Then tls1_process_sigalgs() will try to process one signature algorithm (becouse of shared_sigalgslen=1) then sigptr will be pointer to c->shared_sigalgs (NULL) and then will try to derreference sigptr->rhash. 


This mean a Segmentation Fault in  tls1_process_sigalgs() function, and called by tls1_set_server_sigalgs() with is called from ssl3_client_hello() as the stack trace shows.




StackTrace

The following code, points sigptr to null and try to read sigptr->rsign, which is assembled as movzbl eax,  byte ptr [0x0+R12] note in register window that R12 is 0x00

Debugger in the crash point.


radare2 static decompiled


The patch fix the vulnerability zeroing the sigalgslen.
Get  David A. Ramos' proof of concept exploit here





Related posts


  1. Nsa Hack Tools
  2. Pentest Tools For Mac
  3. Hack Tools For Ubuntu
  4. Pentest Tools Github
  5. Easy Hack Tools
  6. How To Make Hacking Tools
  7. Hacker Tools Github
  8. Pentest Tools Find Subdomains
  9. How To Make Hacking Tools
  10. Hacker Tools Apk
  11. Hacker Hardware Tools
  12. Hack Tools 2019
  13. Hacking Tools For Windows Free Download
  14. Hack Tools
  15. Nsa Hack Tools
  16. Pentest Recon Tools
  17. Hack Tools Download
  18. Best Hacking Tools 2019
  19. Hacking Tools Online
  20. Hacker Tools Free
  21. Hack Tool Apk No Root
  22. Hacking Tools For Windows 7
  23. Pentest Tools Free
  24. Hacking Tools Kit
  25. Hacking Apps
  26. Hack Tools For Mac
  27. Nsa Hack Tools
  28. Hacker Tools Linux
  29. Hacking Tools Kit
  30. Easy Hack Tools
  31. Hacking Tools Pc
  32. Hacking Tools
  33. Hacker Tools Online
  34. Hacker
  35. Hack Tool Apk
  36. Android Hack Tools Github
  37. Hacking Tools Usb
  38. Pentest Tools Bluekeep
  39. Hacker Tools Hardware
  40. Pentest Tools Framework
  41. Hack Tools Github
  42. Hacker Tools For Ios
  43. Pentest Tools Github
  44. Hacker Tool Kit
  45. Pentest Tools Free
  46. Hacking Tools Hardware
  47. Pentest Tools Free
  48. Hacking Tools
  49. Hacking Tools Usb
  50. Hacking Tools 2020
  51. Physical Pentest Tools
  52. Pentest Tools Review
  53. Hacks And Tools
  54. Hacker Tools
  55. Hacker Tools Windows
  56. Hack Tools Github
  57. Pentest Tools Subdomain
  58. Hacking Tools For Kali Linux
  59. Install Pentest Tools Ubuntu
  60. Pentest Tools Kali Linux
  61. Hacker Tools For Pc
  62. What Is Hacking Tools
  63. Tools 4 Hack
  64. Hacking Tools Hardware
  65. Hacker
  66. Hacking Tools 2020
  67. Hack Website Online Tool
  68. Hacker Tools Free Download
  69. Hacking Tools And Software
  70. Hacking Tools For Mac
  71. Hack Tools
  72. Bluetooth Hacking Tools Kali
  73. Hacker Security Tools
  74. Hacker
  75. Tools Used For Hacking
  76. Nsa Hacker Tools
  77. Easy Hack Tools
  78. Hacker Tools Windows
  79. Hack Tools Github
  80. Hacking Tools Name
  81. Hack Tools For Games
  82. Hacking Tools Free Download
  83. Hack Tools
  84. Hack Tools Online
  85. Pentest Tools Github
  86. Free Pentest Tools For Windows
  87. Hacking Tools 2020
  88. Pentest Tools Github
  89. Tools Used For Hacking
  90. Hacking Tools For Mac
  91. Tools Used For Hacking
  92. Hacker Search Tools
  93. Hacking Tools For Games
  94. Hacker Tools Free
  95. Pentest Tools Free
  96. Nsa Hack Tools
  97. Hacker Hardware Tools
  98. How To Make Hacking Tools
  99. New Hack Tools
  100. Hacker Tools Free
  101. Hacker Tool Kit
  102. Hacking Tools And Software
  103. Pentest Tools Subdomain
  104. Hacking Tools For Windows 7
  105. Hack Tool Apk No Root
  106. What Is Hacking Tools
  107. Android Hack Tools Github
  108. Hack Tools
  109. Hacking Tools For Pc
  110. Tools 4 Hack
  111. Hacking Tools Windows
  112. Hacker Tools For Windows
  113. Hack Tools Github
  114. Hacker Tools Online
  115. Pentest Tools Alternative
  116. Hack Tool Apk No Root
  117. Pentest Tools For Android
  118. Pentest Tools Url Fuzzer
  119. Hacking Tools Download
  120. Pentest Tools Alternative
  121. Pentest Tools Linux
  122. Pentest Tools Kali Linux
  123. Hak5 Tools
  124. Pentest Tools For Ubuntu
  125. Hack Tools Mac
  126. Pentest Tools Free
  127. Pentest Tools Alternative
  128. Pentest Tools Review
  129. Hacking Tools For Kali Linux
  130. Pentest Tools Android
  131. Hack Tools For Ubuntu
  132. Pentest Reporting Tools
  133. Pentest Box Tools Download
  134. Pentest Tools For Mac
  135. Pentest Tools Online
  136. Pentest Tools Review
  137. What Is Hacking Tools
  138. Hacking Apps
  139. Pentest Tools Nmap
  140. Pentest Tools Windows
Publicado por en

No hay comentarios:

Publicar un comentario

Suscribirse a: Enviar comentarios (Atom)