Buffer Overflow Attack

Description

Buffer overflow vulnerabilities enable an attacker to write data beyond the allocated end of a buffer in memory. Buffer overflows are most common in programs developed in C or C++ or other languages that do not provide automated memory management and array bounds checking.

Impact

• Application is crashed leading to denial of service
• Code is injected and executed with the privileges of the host process

Vulnerabilities

• Weak or missing input validation
  • No buffer range checking
  • No array index range checking
• Use of unsafe functions

Countermeasures

• Perform thorough input validation. This is the first line of defense against buffer overflows. Although a bug may exist in your application that permits expected input to reach beyond the bounds of a container, unexpected input will be the primary issue. Constrain input by validating it for type, length, format and range.
• Limit your application's use of unmanaged code. Managed code benefits from type safe verification of parameters, unmanaged code does not.
• Inspect the managed code that calls the unmanaged API. Ensure that only appropriate values can be passed as parameters to the unmanaged API.
• Use compile time checks. For example, use the /GS flag to compile code developed with the Microsoft Visual C++® development system. The /GS flag causes the compiler to inject security checks into the compiled code. This is not a fail-proof solution or a replacement for your specific validation code; it does, however, protect your code from commonly known buffer overflow attacks. For more information, see the .NET Framework Product documentation http://msdn.microsoft.com/library/en-us/vccore/html/vclrfGSBufferSecurity.asp and Microsoft Knowledge Base article 325483 "WebCast: Compiler Security Checks: The –GS compiler switch" at http://support.microsoft.com/default.aspx?scid=kb;en-us;325483.
• Use safe CRT libraries where possible. The safe CRT libraries are updated versions of the standard C and C++ libraries, including the C Runtime (CRT) Library, Standard C++ Library (SCL), Active Template Library (ATL), and Microsoft Foundation Classes (MFC). The updates are designed to protect applications compiled with Visual C++. They add appropriate buffer checks to functions known to be vulnerable to attack, parameters are validated, and other functions such as strcpy, which are known to be vulnerable to attack, are deprecated. Use the secure version of a function if it exists. If a new secure function exists, the older, less secure version is marked as deprecated and the new version has the _s (secure) suffix. For example, use strcpy_s instead of strcpy. Note that the compiler will generate a warning if you use a deprecated function.

For a list of secure CRT functions, see "Security-Enhanced Versions of CRT Functions," at http://msdn2.microsoft.com/en-us/library/wd3wzwts(en-US,VS.80).aspx.

• Use least privileged process accounts. If an attacker does manage to inject code by exploiting a buffer overflow vulnerability, the use of least privileged process accounts limits the capabilities of the injected code.

Attack Patterns

• Buffer Overflow Attack Pattern

Explained

• Buffer Overflow Explained

How Tos

• How To Recognize Buffer Overflow Vulnerabilities
• How To Test For Buffer Overflow Vulnerabilities
• How To Protect From Injection Attacks in ASP.NET 2.0