Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2014-3570 PoC — OpenSSL BN_sqr实现加密问题漏洞

Source
https://github.com/uthrasri/CVE-2014-3570_G2.5_openssl_no_patch
Associated Vulnerability
Title:OpenSSL BN_sqr实现加密问题漏洞 (CVE-2014-3570)
Description:OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层(SSL v2/v3)和安全传输层(TLS v1)协议的通用加密库,它支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 OpenSSL的BN_sqr实现中存在安全漏洞,该漏洞源于程序没有正确计算BIGNUM值的平方。远程攻击者可利用该漏洞破坏密码保护机制。以下版本受到影响:OpenSSL 0.9.8zd之前版本,1.0.0p之前1.0.0版本,1.0.1k之前1.0.1版本。
File Snapshot

 [4.0K]  /data/pocs/129259ec0c96755081ca8c156b5cee78ba3842b0
├── [4.0K]  asm
│   ├── [5.5K]  alpha-mont.pl
│   ├── [6.6K]  armv4-gf2m.pl
│   ├── [5.3K]  armv4-mont.pl
│   ├── [ 16K]  bn-586.pl
│   ├── [5.5K]  co-586.pl
│   ├── [ 25K]  ia64-mont.pl
│   ├── [ 44K]  ia64.S
│   ├── [5.2K]  mips3-mont.pl
│   ├── [ 37K]  mips3.s
│   ├── [8.7K]  mips-mont.pl
│   ├── [ 44K]  mips.pl
│   ├── [ 34K]  modexp512-x86_64.pl
│   ├── [ 47K]  pa-risc2.s
│   ├── [ 46K]  pa-risc2W.s
│   ├── [ 26K]  parisc-mont.pl
│   ├── [ 26K]  ppc64-mont.pl
│   ├── [7.4K]  ppc-mont.pl
│   ├── [ 44K]  ppc.pl
│   ├── [1.0K]  README
│   ├── [5.0K]  s390x-gf2m.pl
│   ├── [6.5K]  s390x-mont.pl
│   ├── [ 12K]  s390x.S
│   ├── [ 32K]  sparcv8plus.S
│   ├── [ 28K]  sparcv8.S
│   ├── [ 20K]  sparcv9a-mont.pl
│   ├── [ 13K]  sparcv9-mont.pl
│   ├── [8.8K]  via-mont.pl
│   ├── [107K]  vms.mar
│   ├── [4.0K]  x86
│   │   ├── [1.3K]  add.pl
│   │   ├── [5.3K]  comba.pl
│   │   ├── [ 229]  div.pl
│   │   ├── [  38]  f
│   │   ├── [1.7K]  mul_add.pl
│   │   ├── [1.4K]  mul.pl
│   │   ├── [1.0K]  sqr.pl
│   │   └── [1.3K]  sub.pl
│   ├── [ 13K]  x86_64-gcc.c
│   ├── [8.4K]  x86_64-gf2m.pl
│   ├── [ 22K]  x86_64-mont5.pl
│   ├── [ 36K]  x86_64-mont.pl
│   ├── [7.5K]  x86-gf2m.pl
│   ├── [ 16K]  x86-mont.pl
│   └── [ 623]  x86.pl
├── [6.7K]  bn_add.c
├── [ 23K]  bn_asm.c
├── [ 11K]  bn_blind.c
├── [ 20K]  bn_const.c
├── [ 12K]  bn_ctx.c
├── [3.9K]  bn_depr.c
├── [ 12K]  bn_div.c
├── [6.4K]  bn_err.c
├── [9.9K]  bn_exp2.c
├── [ 29K]  bn_exp.c
├── [ 17K]  bn_gcd.c
├── [ 29K]  bn_gf2m.c
├── [ 36K]  bn.h
├── [5.0K]  bn_kron.c
├── [ 17K]  bn_lcl.h
├── [ 19K]  bn_lib.c
├── [9.5K]  bn_mod.c
├── [ 14K]  bn_mont.c
├── [4.3K]  bn_mpi.c
├── [ 323]  bn.mul
├── [ 25K]  bn_mul.c
├── [ 32K]  bn_nist.c
├── [ 14K]  bn_prime.c
├── [ 15K]  bn_prime.h
├── [4.4K]  bn_prime.pl
├── [8.6K]  bn_print.c
├── [9.2K]  bn_rand.c
├── [6.6K]  bn_recp.c
├── [5.5K]  bn_shift.c
├── [6.5K]  bnspeed.c
├── [7.4K]  bn_sqr.c
├── [9.8K]  bn_sqrt.c
├── [ 40K]  bntest.c
├── [5.9K]  bn_word.c
├── [6.8K]  bn_x931p.c
├── [ 873]  divtest.c
├── [1.1K]  exp.c
├── [9.3K]  expspeed.c
├── [6.3K]  exptest.c
├── [ 19K]  Makefile
├── [ 103]  todo
└── [2.8K]  vms-helper.c

2 directories, 85 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.