TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)

OpenSSL 1.0.2a fix several security issues, one of them let crash TLSv1.2 based services remotelly from internet.


Regarding to the TLSv1.2 RFC,  this version of TLS provides a "signature_algorithms" extension for the client_hello. 

Data Structures

If a bad signature is sent after the renegotiation, the structure will be corrupted, becouse structure pointer:
s->c->shared_sigalgs will be NULL, and the number of algorithms:
s->c->shared_sigalgslen will not be zeroed.
Which will be interpreted as one algorithm to process, but the pointer points to 0x00 address. 

Then tls1_process_sigalgs() will try to process one signature algorithm (becouse of shared_sigalgslen=1) then sigptr will be pointer to c->shared_sigalgs (NULL) and then will try to derreference sigptr->rhash. 

This mean a Segmentation Fault in  tls1_process_sigalgs() function, and called by tls1_set_server_sigalgs() with is called from ssl3_client_hello() as the stack trace shows.

StackTrace

The following code, points sigptr to null and try to read sigptr->rsign, which is assembled as movzbl eax,  byte ptr [0x0+R12] note in register window that R12 is 0x00

Debugger in the crash point.

radare2 static decompiled

The patch fix the vulnerability zeroing the sigalgslen.
Get  David A. Ramos' proof of concept exploit here

More articles

1. Pentest Tools Review
2. Hacking Tools For Games
3. Hacking Tools For Pc
4. Hack Tool Apk
5. World No 1 Hacker Software
6. Free Pentest Tools For Windows
7. Hack Tools Online
8. Hacking Tools Free Download
9. Hacker Tools Windows
10. Hack Tools
11. What Is Hacking Tools
12. Beginner Hacker Tools
13. Hack Tools
14. Pentest Tools Open Source
15. Github Hacking Tools
16. Hacking Tools Pc
17. Hackers Toolbox
18. Hack Website Online Tool
19. Hack Tools Download
20. Pentest Tools Port Scanner
21. Pentest Tools Review
22. Hack Tools Github
23. Hacking Tools For Mac
24. Android Hack Tools Github
25. Hacker Tools Hardware
26. Wifi Hacker Tools For Windows
27. Hacking Tools Github
28. Pentest Tools Tcp Port Scanner
29. Android Hack Tools Github
30. Hacker Tools Apk Download
31. Hacking Tools For Beginners
32. Hacker
33. Nsa Hack Tools Download
34. Hacker Tools For Windows
35. Best Hacking Tools 2019
36. Game Hacking
37. Pentest Tools For Ubuntu
38. Pentest Tools
39. World No 1 Hacker Software
40. Pentest Box Tools Download
41. Best Hacking Tools 2020
42. Pentest Tools Kali Linux
43. Hack Tools For Ubuntu
44. Pentest Tools List
45. Pentest Tools Website
46. Termux Hacking Tools 2019
47. Pentest Tools Website Vulnerability
48. Ethical Hacker Tools
49. Hacker Tools Apk
50. Hack Tools Download
51. Pentest Tools Website Vulnerability
52. Hack Tools 2019
53. Pentest Tools Github
54. Blackhat Hacker Tools
55. Pentest Reporting Tools
56. New Hack Tools
57. Hacking Tools Windows 10
58. Pentest Tools Url Fuzzer
59. Hacker Tools List
60. Hack Tools For Games
61. Hacking Tools Usb
62. Pentest Automation Tools
63. New Hack Tools
64. Easy Hack Tools
65. Pentest Tools Github
66. Pentest Tools Open Source
67. Hack Rom Tools
68. Hacker Tools Mac
69. Best Hacking Tools 2020
70. Hacker Hardware Tools
71. Hack Tools
72. Hack Tools For Mac
73. Hacker Tools Free Download
74. Pentest Tools Bluekeep
75. Hack Tools Mac
76. How To Hack
77. Hacker Tools Free Download
78. Hacking Tools Online
79. Pentest Recon Tools
80. Bluetooth Hacking Tools Kali
81. Hacker Tools Free
82. Hackers Toolbox
83. Pentest Tools
84. Hacking Tools Online
85. Pentest Tools Open Source
86. Pentest Tools Download
87. Hack Tools For Windows
88. How To Make Hacking Tools
89. Top Pentest Tools
90. Hacker Tools Software
91. Hack Tools Online
92. Tools Used For Hacking
93. Hacker Tools List
94. Pentest Tools Linux
95. Hacker Tools Mac
96. Pentest Tools Website
97. New Hack Tools
98. Hacking Tools Windows 10
99. Hack App
100. Best Pentesting Tools 2018
101. Hacking Tools Usb
102. Underground Hacker Sites
103. Hacking Apps
104. Hacking Tools And Software
105. Computer Hacker
106. Hacker Tools Windows
107. Hack Tools Online
108. Hacker Security Tools
109. Pentest Box Tools Download
110. Hacker Tools 2019
111. Pentest Tools Windows
112. Hacking Tools For Games
113. Hacking Tools Online
114. Top Pentest Tools
115. Pentest Tools For Android
116. Hacking Tools Free Download
117. Ethical Hacker Tools
118. Hacker
119. Pentest Tools Windows
120. Beginner Hacker Tools
121. Github Hacking Tools
122. Hack App
123. Tools For Hacker
124. Hack Tools Github
125. Hacking Tools For Pc
126. Nsa Hacker Tools
127. Tools For Hacker
128. Hacking Tools Windows
129. Hacker Tools Mac
130. Hack Tools For Windows
131. Hack Tools For Ubuntu
132. Hack Rom Tools
133. Hacker Tools Mac
134. Pentest Automation Tools
135. Hacker Tools List
136. Hacking Tools
137. Hacker Tools Free
138. Hacking Tools Mac
139. Hacker Tools
140. Pentest Tools Subdomain
141. Pentest Tools Url Fuzzer
142. Hacking Tools Windows 10
143. Pentest Tools For Ubuntu
144. Hack Tools For Windows
145. Hack Tools For Windows
146. Termux Hacking Tools 2019
147. How To Hack
148. Hacker Tool Kit
149. New Hack Tools
150. Ethical Hacker Tools
151. Hacking Tools For Kali Linux
152. Pentest Tools Port Scanner
153. Hack Tools For Games
154. Hacking Tools Windows
155. Hack App
156. Hacker Tools Software
157. Pentest Tools Alternative
158. Hacking Tools Windows
159. Pentest Tools Framework
160. Termux Hacking Tools 2019
161. Pentest Reporting Tools
162. Hacking Tools For Windows
163. Hacking Tools Online
164. Hacker Tools
165. Easy Hack Tools
166. Hack Tool Apk No Root
167. Pentest Tools
168. Install Pentest Tools Ubuntu
169. Hacker Tools Mac
170. Hacking App
171. Tools Used For Hacking
172. Hack Rom Tools
173. Hacker Tools Hardware
174. Github Hacking Tools
175. Bluetooth Hacking Tools Kali
176. Hacker Hardware Tools
177. Hacker Tools Linux