Title: Reading Assessment

Prepared by: MAZA TEAM

Content

 Common Software Vulnerability

 Buffer overflow
 Integer overflow
 Format String Vulnerability
 Heart bleed
Introduction
 Software Vulnerability
 A common software vulnerability is a weakness in software
that can be exploited by attackers to gain unauthorized access
to a system or data.
 Common software vulnerabilities include
 buffer overflows,
 SQL injection, and
 cross-site scripting (XSS).
 Low-level software vulnerabilities can be caused by a variety of
factors, including:
 Buffer overflows
 Format string vulnerabilities
 Integer overflows
Buffer over-read/Read Overflow
 A buffer overflow, also known as a buffer overrun
 It occurs when a program tries to read more data from a buffer

than it actually contains.

Buffer over-read/Read Overflow
 This can lead to security vulnerabilities and unexpected

behavior in software like crash, or it can allow an attacker to

execute arbitrary code on the system.

 Buffer overflows are often caused by programming errors, such

as not checking the size of the data before writing it to a buffer

Buffer over-read/Read Overflow

char buffer[10]; in Java:

strcpy(buffer, "Hello, world!"); byte[] buffer = new byte[10];

printf("%s\n", buffer); System.in.read(buffer, 0,
15);
System.out.println(new
String(buffer));
Buffer over-read/Read Overflow
 They can also be caused by malicious input, such as a
specially crafted string that is designed to cause a
buffer overflow
o Information disclosure: For example, if a program stores a user’s
password in memory, a buffer over-read vulnerability could allow an attacker to read
that password and use it to gain unauthorized access to the user’s account

o Denial of service: For example, an attacker could send a specially crafted

input that triggers the vulnerability, causing the program to crash and become
unavailable.

o Code execution: For example, if an attacker can overwrite a function

pointer in memory through a buffer over-read vulnerability, they may be able to
redirect program execution to their own code and take control of the system.
Buffer over-read/Read Overflow
 Exploitation Buffer Over-read
 Heartbleed exploit that targeted the OpenSSL cryptographic software
library, which allowed an attacker to read sensitive data from the memory of
affected servers
 Bash Shellshock: vulnerability was a buffer over-read vulnerability that
affected the Bash shell, which allowed an attacker to execute arbitrary code by
sending specially crafted environment variables
 ImageMagick: is a popular image processing library that had several buffer
over-read vulnerabilities that could be exploited to execute arbitrary code or
cause a denial of service.
Buffer over-read/Read Overflow
 They have been used to exploit a wide
variety of vulnerabilities, including those in
operating systems, web browsers, and
other software applications.
 Buffer over-read/Read Overflow
 There are a number of ways to protect against
buffer overflows, including:

 Buffer overflows can be a serious security risk, as they can allow

attackers to gain control of a system.
o Use a memory-safe programming language: Memory-safe
languages like Java, Python, and Ruby provide automatic bounds
checking
o Keep software up-to-date: Keep your software up-to-date with
the latest security patches and updates to reduce the risk of known
buffer over-read vulnerabilities.
o Using input validation to ensure that input data is valid before it is
processed.
o Using intrusion detection systems to detect and block buffer overflow
attacks.
Integer overflow
 Integer overflow occurs when an arithmetic operation attempts to
create a numeric value that is outside of the range that can be
represented with a given number of digits

 It is a type of an arithmetic overflow error when the result of an

integer operation does not fit within the allocated memory space.
Integer overflow

 For example, in the C programming language, the default

integer data type is a 32-bit signed integer, which can
represent values from -2,147,483,648 to 2,147,483,647.

 If an operation results in a value outside of this range, the

result will "wrap around" to the other end of the range.
 For instance, if we add 1 to the maximum value of a 32-bit
signed integer (2,147,483,647), the result will be -
2,147,483,648, which is the minimum value of a 32-bit signed
integer.
Integer overflow

nresp = packet_get_int();
if (nresp > 0) {
response = xmalloc(nresp*sizeof(char*));
for (i = 0; i < nresp; i++)
response[i] = packet_get_string(NULL);
}
 format string vulnerability

 A format string vulnerability is a bug where user input

is passed as the format argument to printf, scanf, or
another function in that family %n in printf

 The attacker can crash the application by executing

malicious code to create a segmentation fault
 format string vulnerability

 The string can be divided into 3 parts :

 Format function - This includes printf, fprintf etc.
 Format string - This is the argument for format
function
 Format string parameter - This defines the type
of conversion
 format string vulnerability

 The attacker can perform this attack through the

following ways:
 Enumerate process stack: The attacker uses %x and %p
to view the stack organization of the application.
 Control execution flow: The attacker uses %n to
overwrite the pointer variables used by the application.
When the application calls these pointers, the pointer will
send malicious code to the application.
 Denial of service: The attacker uses %x followed by
%x to crash the application and the server.
 format string vulnerability
 Example
 printf (usrName);
The attacker can extract the usernames
present in the server.
Heartbleed bug/vulnerability

 The Heartbleed bug, also known as CVE-2014-0160,

 It is a serious vulnerability in the OpenSSL cryptographic software
library .
 It was discovered in April 2014 and affected a wide range of systems,
including web servers, mail servers, and VPNs.
 It is caused by a flaw in the way OpenSSL handles heartbeat requests,
which are used to check the health of a server.

 By sending a specially crafted heartbeat request, an attacker can

exploit the bug to read arbitrary memory from the server, including
sensitive information such as passwords, credit card numbers, and
encryption keys.
Heartbleed bug/vulnerability

 The bug was caused by poorly written code. It was discovered on

the same day by Google and Codenomicon security researchers,
who quickly realized that an attacker could exploit the bug to
expose encrypted content, usernames, passwords and private
keys for X.509 certificates.
Heartbleed bug/vulnerability
Heartbleed bug/vulnerability
Summary
 Low-level vulnerabilities can be difficult to detect and exploit, but they
can have serious consequences. Attackers can use these vulnerabilities
to gain control of a system, steal data, or launch denial-of-service
attacks.
 To protect against low-level vulnerabilities, developers should follow
secure coding practices, such as:
 Input validation: Check all user input for validity before processing it.
 Buffer management: Use safe buffer handling techniques to avoid
buffer overflows.
 Format string validation: Use safe format string functions to prevent
format string vulnerabilities.
 Integer overflow protection: Use integer overflow protection
mechanisms to prevent integer overflows.
 Concurrency control: Use synchronization mechanisms to prevent race
conditions.