Wednesday, 31 May 2023

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fixes several security issues; one of them lets an attacker remotely crash TLSv1.2-based services from the internet.


According to the TLSv1.2 RFC, this version of TLS provides a "signature_algorithms" extension for the client_hello.

Data Structures


If a bad signature is sent after the renegotiation, the structure will be corrupted, because the structure pointer s->c->shared_sigalgs will be NULL while the number of algorithms, s->c->shared_sigalgslen, will not be zeroed.
The stale count will be interpreted as one algorithm to process, but the pointer points to address 0x00.


Then tls1_process_sigalgs() will try to process one signature algorithm (because shared_sigalgslen=1): sigptr will be set to c->shared_sigalgs (NULL), and the function will then try to dereference sigptr->rhash.


This means a segmentation fault in the tls1_process_sigalgs() function, which is called by tls1_set_server_sigalgs(), which in turn is called from ssl3_client_hello(), as the stack trace shows.




StackTrace

The following code points sigptr to NULL and tries to read sigptr->rsign, which is assembled as movzbl eax, byte ptr [0x0+R12]. Note in the register window that R12 is 0x00.

Debugger in the crash point.


radare2 static decompiled


The patch fixes the vulnerability by zeroing the sigalgslen.
Get David A. Ramos' proof of concept exploit here
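The stale-count condition and the effect of the patch can be reproduced in a small model. This is an added example, not OpenSSL's code and not part of the original post: the struct layouts, the reset functions, `state_consistent()` and `renegotiate()` are assumptions that only mirror the field names used above.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins; field names follow the post, layout is assumed. */
typedef struct { unsigned char rsign, rhash; } sigalg_t;
typedef struct { sigalg_t *shared_sigalgs; size_t shared_sigalgslen; } cert_t;

/* Pre-patch reset: the array is dropped but the count stays stale. */
static void reset_unpatched(cert_t *c) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
}

/* Patched reset: pointer and count are cleared together. */
static void reset_patched(cert_t *c) {
    free(c->shared_sigalgs);
    c->shared_sigalgs = NULL;
    c->shared_sigalgslen = 0;
}

/* Invariant the loop depends on: a non-zero count needs a real array. */
static int state_consistent(const cert_t *c) {
    return c->shared_sigalgslen == 0 || c->shared_sigalgs != NULL;
}

/* Returns entries walked, or -1 where the real loop would read through NULL. */
static int process_sigalgs(const cert_t *c) {
    if (!state_consistent(c)) return -1;
    int walked = 0;
    const sigalg_t *sigptr = c->shared_sigalgs;
    for (size_t i = 0; i < c->shared_sigalgslen; i++, sigptr++) {
        volatile unsigned char h = sigptr->rhash; /* the read that faulted */
        (void)h;
        walked++;
    }
    return walked;
}

/* Constructed scenario: one shared algorithm, then a renegotiation whose
 * list yields nothing shared, so no new array is installed after the reset. */
static int renegotiate(int patched) {
    cert_t c = { calloc(1, sizeof(sigalg_t)), 1 };
    if (c.shared_sigalgs == NULL) return -2;
    if (patched) reset_patched(&c); else reset_unpatched(&c);
    return process_sigalgs(&c);
}

int main(void) {
    printf("unpatched: %d, patched: %d\n", renegotiate(0), renegotiate(1));
    return 0;
}
```

The `state_consistent()` check is the kind of assertion worth keeping next to any pointer/length pair, since it turns this class of bug into a clean error instead of a crash.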




