TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)

OpenSSL 1.0.2a fix several security issues, one of them let crash TLSv1.2 based services remotelly from internet.


Regarding to the TLSv1.2 RFC,  this version of TLS provides a "signature_algorithms" extension for the client_hello. 

Data Structures

If a bad signature is sent after the renegotiation, the structure will be corrupted, becouse structure pointer:
s->c->shared_sigalgs will be NULL, and the number of algorithms:
s->c->shared_sigalgslen will not be zeroed.
Which will be interpreted as one algorithm to process, but the pointer points to 0x00 address. 

Then tls1_process_sigalgs() will try to process one signature algorithm (becouse of shared_sigalgslen=1) then sigptr will be pointer to c->shared_sigalgs (NULL) and then will try to derreference sigptr->rhash. 

This mean a Segmentation Fault in  tls1_process_sigalgs() function, and called by tls1_set_server_sigalgs() with is called from ssl3_client_hello() as the stack trace shows.

StackTrace

The following code, points sigptr to null and try to read sigptr->rsign, which is assembled as movzbl eax,  byte ptr [0x0+R12] note in register window that R12 is 0x00

Debugger in the crash point.

radare2 static decompiled

The patch fix the vulnerability zeroing the sigalgslen.
Get  David A. Ramos' proof of concept exploit here

More info

1. Pentest Tools For Android
2. Black Hat Hacker Tools
3. Hacker Tools Hardware
4. Hack Tools For Ubuntu
5. Hacking Tools 2020
6. Install Pentest Tools Ubuntu
7. Bluetooth Hacking Tools Kali
8. Hacking Tools Mac
9. Easy Hack Tools
10. Best Pentesting Tools 2018
11. Pentest Tools Open Source
12. Pentest Tools For Android
13. Hacker Tools Linux
14. Hacking Tools Software
15. Underground Hacker Sites
16. Hacks And Tools
17. Hacker
18. Hacking Tools For Windows
19. Pentest Tools Framework
20. Hack Rom Tools
21. Nsa Hack Tools Download
22. What Is Hacking Tools
23. Pentest Tools Url Fuzzer
24. Hacking Tools For Windows 7
25. Easy Hack Tools
26. Hacker
27. Hack Tools Download
28. Hacking Tools For Games
29. Hacking Tools 2019
30. Pentest Tools Linux
31. Hack Tools
32. How To Install Pentest Tools In Ubuntu
33. Hacker Tools 2020
34. Hacking Tools For Beginners
35. Pentest Tools Free
36. Pentest Tools Url Fuzzer
37. Pentest Tools Free
38. Hacking Tools
39. Pentest Tools For Ubuntu
40. Hacking Tools Kit
41. Hackrf Tools
42. Tools For Hacker
43. Hack Tools
44. Hack Tools Download
45. Ethical Hacker Tools
46. Hacker Techniques Tools And Incident Handling
47. Hacker Tools Free
48. Hacking Tools For Beginners
49. Tools Used For Hacking
50. Pentest Tools Online
51. Hacking Tools Kit
52. Pentest Tools Linux
53. Hack App
54. Pentest Tools Open Source
55. Hacking Tools Free Download
56. Pentest Tools For Windows
57. Hacker Techniques Tools And Incident Handling
58. Pentest Tools For Windows
59. How To Make Hacking Tools
60. Hack Tool Apk No Root
61. Tools For Hacker
62. Pentest Tools Apk
63. Usb Pentest Tools
64. Hacker Tools Github
65. Nsa Hacker Tools
66. Wifi Hacker Tools For Windows
67. Hacker Tools Windows
68. Hack Tools 2019
69. Hack Tool Apk No Root
70. Hacker Tools Apk
71. Hacking Tools For Windows
72. Pentest Tools Android
73. Pentest Tools Open Source
74. Hack Tools 2019
75. Hacker Tools For Ios
76. Growth Hacker Tools
77. Hacking Tools Hardware
78. Hacking Tools Usb
79. Pentest Tools Port Scanner
80. Easy Hack Tools
81. Hack Tools For Pc
82. Hacking Tools For Kali Linux
83. Hacking Tools Usb
84. Hacking App
85. Hack Tool Apk No Root
86. Pentest Tools
87. Hack Tools
88. Best Hacking Tools 2019
89. Pentest Tools Find Subdomains
90. Pentest Tools For Windows
91. Free Pentest Tools For Windows
92. Hacker Security Tools
93. Hack Tools For Pc
94. Pentest Tools Android
95. Hack Tool Apk No Root
96. Free Pentest Tools For Windows
97. Hacking Tools For Windows 7
98. Hacking Tools For Games
99. Pentest Tools Github
100. Hacking Tools 2020
101. New Hacker Tools
102. Hacker Tool Kit
103. Pentest Tools For Windows
104. Hack Tool Apk No Root