December 2016

Generating the Exploit for OpenSSL 1.1.0a, b CVE-2016-7054 Part 2/3

OpenSSL 1.1.0a, b Vulnerability

Continuing from the previous post: now that we know what MACs are and how they work in the context of the TLS protocol, we can move ahead and analyze the OpenSSL 1.1.0a and 1.1.0b heap overflow vulnerability. To exploit this vulnerability (CVE-2016-7054) we need to negotiate a ChaCha20-Poly1305 cipher suite with the server and send a message with a bad MAC. Let us first set up the server that’s running OpenSSL 1.1.0a.

Setting Up OpenSSL 1.1.0a

We can download the desired version from https://www.openssl.org/source/old/1.1.0/. After decompressing the archive, we configure the package, but since we don’t want it to overwrite our current installed...


Overview of MAC Algorithms, Fuzzing TLS and Finally Exploiting CVE-2016-7054 Part 1/3

Overview of MAC Algorithms, TLS Protocol and CHACHA20-POLY1305 Algorithms

In the upcoming posts I’m going to give an introduction to the OpenSSL CVE-2016-7054 vulnerability and the terminology around this topic. In part 2 we will discuss available tools and techniques and how to actually produce an exploit for this vulnerability. In the 3rd part we will try to enumerate the installed OpenSSL version on our systems and see how we can update software packages that use OpenSSL, like Apache, Nginx and Python.

Intro

A couple of days ago Fortinet published a blog post titled “Analysis of OpenSSL ChaCha20-Poly1305 Heap Buffer Overflow (CVE-2016-7054)”. A...
