I created a proof of concept exploit about the recent OpenSSL
signature_algorithms_cert DoS flaw (CVE-2020-1967). Credit for the
original finding goes to Bernd Edlinger.

This is a null pointer dereference while processing a crafted
signature_algorithms_cert TLS extension via the SSL_check_chain() API
method. Applications do need to call this method explicitly, it is not
invoked by default during the handshake. The segmentation fault of a
TLS service could look like this:

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f09bcff3770 in tls1_check_sig_alg.part.0.cold () from
(gdb) bt
#0  0x00007f09bcff3770 in tls1_check_sig_alg.part.0.cold () from
#1  0x00007f09bd03f309 in tls1_check_chain () from
#2  0x00007f09bd403fc8 in set_cert_cb ()
#3  0x00007f09bd037f75 in tls_post_process_client_hello () from
#4  0x00007f09bd02703f in state_machine.part () from
#5  0x00007f09bcffa3f8 in ssl3_write_bytes () from
#6  0x00007f09bd00fbb9 in ssl_write_internal () from
#7  0x00007f09bd00fd07 in SSL_write () from /data/openssl-1.1.1d/libssl.so
#8  0x00007f09bd3e337d in sv_body ()
#9  0x00007f09bd40757a in do_server ()
#10 0x00007f09bd3e7c27 in s_server_main ()
#11 0x00007f09bd3cea46 in do_cmd ()
#12 0x00007f09bd3b89fd in main ()

This exploit relies on a patched version of openssl's s_client and can
be found here:


Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/

Reply via email to