TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)

OpenSSL 1.0.2a fix several security issues, one of them let crash TLSv1.2 based services remotelly from internet.


Regarding to the TLSv1.2 RFC,  this version of TLS provides a "signature_algorithms" extension for the client_hello. 

Data Structures

If a bad signature is sent after the renegotiation, the structure will be corrupted, becouse structure pointer:
s->c->shared_sigalgs will be NULL, and the number of algorithms:
s->c->shared_sigalgslen will not be zeroed.
Which will be interpreted as one algorithm to process, but the pointer points to 0x00 address. 

Then tls1_process_sigalgs() will try to process one signature algorithm (becouse of shared_sigalgslen=1) then sigptr will be pointer to c->shared_sigalgs (NULL) and then will try to derreference sigptr->rhash. 

This mean a Segmentation Fault in  tls1_process_sigalgs() function, and called by tls1_set_server_sigalgs() with is called from ssl3_client_hello() as the stack trace shows.

StackTrace

The following code, points sigptr to null and try to read sigptr->rsign, which is assembled as movzbl eax,  byte ptr [0x0+R12] note in register window that R12 is 0x00

Debugger in the crash point.

radare2 static decompiled

The patch fix the vulnerability zeroing the sigalgslen.
Get  David A. Ramos' proof of concept exploit here





More info

1. Pentest Box Tools Download
2. Nsa Hack Tools
3. Tools 4 Hack
4. Hacking Tools Pc
5. Hacking Tools Software
6. Hacking Tools Pc
7. Hacking Tools Windows 10
8. Android Hack Tools Github
9. Hack Tools For Pc
10. Underground Hacker Sites
11. Hacking Tools Software
12. Underground Hacker Sites
13. Hacking Tools Mac
14. Pentest Tools Bluekeep
15. What Is Hacking Tools
16. Pentest Tools Framework
17. Pentest Tools Windows
18. Nsa Hack Tools
19. Pentest Tools Nmap
20. Kik Hack Tools
21. How To Make Hacking Tools
22. Hacker Tools List
23. Pentest Tools Linux
24. Usb Pentest Tools
25. Hacker Tools Apk Download
26. How To Make Hacking Tools
27. Hacking Tools For Beginners
28. Nsa Hacker Tools
29. Usb Pentest Tools
30. Hacking Tools Hardware
31. Blackhat Hacker Tools
32. Pentest Tools Nmap
33. Pentest Tools Website
34. Pentest Tools For Mac
35. How To Install Pentest Tools In Ubuntu
36. Pentest Tools Tcp Port Scanner
37. Growth Hacker Tools
38. Install Pentest Tools Ubuntu
39. Hacker Tools Linux
40. Hacker Tools Windows
41. Hacking Tools Pc
42. Pentest Tools For Ubuntu
43. Github Hacking Tools
44. Hack Tools Download
45. Tools 4 Hack
46. Hacking Tools For Windows Free Download
47. Hacker Tools Github
48. Hackrf Tools
49. Kik Hack Tools
50. Hack Tools Pc
51. What Are Hacking Tools
52. Pentest Tools Windows
53. Pentest Tools Subdomain
54. Hacking Tools For Kali Linux
55. Hack Tools Mac
56. Hack Tools For Ubuntu
57. Hacking Tools Windows
58. Tools 4 Hack
59. Hacker Tool Kit
60. Pentest Tools Free
61. Underground Hacker Sites
62. Hack Apps
63. Hacking Tools For Kali Linux
64. Install Pentest Tools Ubuntu
65. Pentest Tools Find Subdomains
66. Hacking Tools For Mac
67. Hacking Tools For Games
68. Hacking Tools Name
69. What Is Hacking Tools
70. Hacker Tools Online
71. Pentest Tools Bluekeep
72. Easy Hack Tools
73. Physical Pentest Tools
74. Hacker Tools Linux
75. Hacking Tools For Windows 7
76. Pentest Tools Kali Linux
77. Hacking Tools For Windows 7
78. Hacking Tools 2019
79. Hacker Techniques Tools And Incident Handling
80. Pentest Tools Online
81. Pentest Tools Website
82. Pentest Tools Alternative
83. Hacking Tools For Beginners
84. Hacker Tools Apk Download
85. Blackhat Hacker Tools
86. Ethical Hacker Tools
87. Hack Tools For Windows
88. Hacking Tools For Pc
89. Computer Hacker
90. Hacking Tools Usb
91. Pentest Tools Online
92. Pentest Automation Tools
93. Hacking Tools Hardware
94. Hacker Tools Software
95. Easy Hack Tools
96. Hacking Tools 2019
97. Hack Apps
98. Pentest Tools For Ubuntu
99. Hacking Tools Windows
100. Hak5 Tools
101. Hacking Tools For Pc
102. Best Pentesting Tools 2018
103. Pentest Tools Port Scanner