common software vulnerabilities causes and consequences
play

Common software vulnerabilities: causes and consequences Ricardo J. - PowerPoint PPT Presentation

May 22, 2023 •293 likes •611 views

Common software vulnerabilities: causes and consequences Ricardo J. Rodrguez CUD rjrodriguez@unizar.es @RicardoJRdez 14 de marzo, 2019 I Jornadas OWASP ZGZ $whoami Ph.D. in Computer Sciences (University of Zaragoza, 2013)

  1. Common software vulnerabilities: causes and consequences Ricardo J. Rodríguez – CUD rjrodriguez@unizar.es– @RicardoJRdez 14 de marzo, 2019 I Jornadas OWASP – ZGZ

  2. $whoami Ph.D. in Computer Sciences (University of Zaragoza, 2013) Professor in Centro Universitario de la Defensa , Academia General Militar (Zaragoza) Research interests: Performance/dependability/security analysis Model-driven engineering (considering security aspects) Program binary analysis (specially, malware analysis) RFID/NFC security Not prosecuted ( yet ) ¨ ⌣ Speaker in NcN, HackLU, RootedCON, STIC CCN-CERT, HIP , MalCON, HITB. . . 1 / 19

  3. Agenda 1 Introduction Common Software Vulnerabilities 2 Conclusions 3 2 / 19

  4. Agenda 1 Introduction 2 Common Software Vulnerabilities 3 Conclusions 3 / 19

  5. Introduction Credits : https://www.cvedetails.com/browse-by-date.php 4 / 19

  6. Introduction Some definitions of interest Vulnerability : software flaw An attacker can take advantage of a vulnerability and exploit it Average occurrence of faults per Lines of Code ( defect density ) Usually, it depends on the particular software company (different development cycles) Credits : https://www.amazon.com/Code-Complete-Practical-Handbook-Construction/dp/0735619670 5 / 19

  7. Agenda 1 Introduction 2 Common Software Vulnerabilities 3 Conclusions 6 / 19

  8. Common Software Vulnerabilities Buffer Overflow Credits : https://nvd.nist.gov/vuln/search/statistics?form_type=Basic&results_type=statistics&query=buffer+ overflow&queryType=phrase&search_type=all 7 / 19

  9. Common Software Vulnerabilities Buffer Overflow Also called buffer overrun Most prevalent error in C/C++ programs First BOF exploited: Morris worm (1988) (BSD-derived) UNIX fingerd daemon For curious readers: doi: 10.1145/66093.66095 Seminal work of Aleph One in 1996 Smashing the stack for fun and profit , Phrack, 7(49), 1996 http://phrack.org/issues/49/14.html Caused when a buffer is overwritten beyond its boundaries Unsafe functions DO NOT check the buffer limits when operating , then provoking the buffer is overwritten beyond its boundaries Examples of unsafe functions: gets , scanf , strcpy , strcat , sprintf , ... 8 / 19

  10. Common Software Vulnerabilities Buffer Overflow We can distinguish two kind of buffer overflows: Stack-based BOF ( https://cwe.mitre.org/data/definitions/121.html ) Heap-based BOF ( https://cwe.mitre.org/data/definitions/122.html ) 9 / 19

  11. Common Software Vulnerabilities Buffer Overflow We can distinguish two kind of buffer overflows: Stack-based BOF ( https://cwe.mitre.org/data/definitions/121.html ) Heap-based BOF ( https://cwe.mitre.org/data/definitions/122.html ) Which elements are stored in these memory segments? Stack: stores function parameters, local variables , and caller return address Heap: dynamic memory (memory allocated by the program – also objects) 9 / 19

  12. Common Software Vulnerabilities Buffer Overflow We can distinguish two kind of buffer overflows: Stack-based BOF ( https://cwe.mitre.org/data/definitions/121.html ) Heap-based BOF ( https://cwe.mitre.org/data/definitions/122.html ) Which elements are stored in these memory segments? Stack: stores function parameters, local variables , and caller return address Heap: dynamic memory (memory allocated by the program – also objects) Consequences Denial-of-Service (crashes and resource consumption) Execution of unauthorized code (or commands) Bypassing of protection mechanisms Others 9 / 19

  13. Common Software Vulnerabilities Buffer Overflow – example + demo 1 // vuln1.c 2 #include <stdio.h> 3 #include <stdlib.h> 4 #include <string.h> 5 6 #define BUFLEN 256 7 8 void secret() 9 { 10 printf("YOU WIN!\n"); 11 } 12 13 void copy_arg(char *s) 14 { 15 char buffer[BUFLEN]; 16 17 strcpy(buffer , s); 18 printf("Your argument is: %s\n", buffer); 19 } 20 21 int main(int argc, char *argv[]) 22 { 23 if(argc != 2){ 24 fprintf(stderr , "usage error: %s string - echoes string argument\n", argv[0]); 25 return EXIT_FAILURE; 26 } 27 copy_arg(argv[1]); 28 29 return EXIT_SUCCESS; 30 } 10 / 19

  14. Common Software Vulnerabilities Buffer Overflow – example + demo 1 // vuln1.c 2 #include <stdio.h> 3 #include <stdlib.h> L17: strcpy is an unsafe function 4 #include <string.h> 5 6 #define BUFLEN 256 Does not check the length of 7 buffer : just copies each byte of s to 8 void secret() 9 { buffer until the string terminator 10 printf("YOU WIN!\n"); 11 ( NULL character) is reached } 12 When size of s is greater than 13 void copy_arg(char *s) 14 { BUFLEN , the adjacent memory to 15 char buffer[BUFLEN]; buffer is overwritten 16 17 strcpy(buffer , s); What elements were stored in the 18 printf("Your argument is: %s\n", buffer); 19 } stack, apart from local variables (such 20 as buffer )? 21 int main(int argc, char *argv[]) 22 { 23 if(argc != 2){ 24 fprintf(stderr , "usage error: %s string - echoes string argument\n", argv[0]); 25 return EXIT_FAILURE; 26 } 27 copy_arg(argv[1]); 28 29 return EXIT_SUCCESS; 30 } 10 / 19

  15. Common Software Vulnerabilities Buffer Overflow – example + demo 1 // vuln1.c 2 #include <stdio.h> 3 #include <stdlib.h> L17: strcpy is an unsafe function 4 #include <string.h> 5 6 #define BUFLEN 256 Does not check the length of 7 buffer : just copies each byte of s to 8 void secret() 9 { buffer until the string terminator 10 printf("YOU WIN!\n"); 11 ( NULL character) is reached } 12 When size of s is greater than 13 void copy_arg(char *s) 14 { BUFLEN , the adjacent memory to 15 char buffer[BUFLEN]; buffer is overwritten 16 17 strcpy(buffer , s); What elements were stored in the 18 printf("Your argument is: %s\n", buffer); 19 } stack, apart from local variables (such 20 as buffer )? 21 int main(int argc, char *argv[]) 22 { 23 if(argc != 2){ 24 fprintf(stderr , "usage error: %s string - echoes BINGO: return address to main string argument\n", argv[0]); 25 return EXIT_FAILURE; ( let’s see a demo about hijacking the 26 } 27 copy_arg(argv[1]); program control-flow ) 28 29 return EXIT_SUCCESS; 30 } 10 / 19

  16. Common Software Vulnerabilities Numerical Issues Credits : https://nvd.nist.gov/vuln/search/statistics?form_type=Basic&results_type=statistics&query=integer+ overflow&queryType=phrase&search_type=all 11 / 19

  17. Common Software Vulnerabilities Numerical Issues Integer numerical errors Overflows : when the result of an integer expression exceeds the maximum value for its respective type Underflows : when the result of an integer expression is smaller than its minimum value, it wraps to the maximum integer for the type. For instance, subtracting 0 − 1 and storing the result in an unsigned 16-bit integer Signedness error : when a signed integer is interpreted as unsigned, or vice-versa Lossy truncations : when assigning an integer with a larger width to a smaller width Costly and exploitable bugs Reported in the top 25 most dangerous software errors (MITRE 2011) 12 / 19

  18. Common Software Vulnerabilities Numerical Issues Integer numerical errors Overflows : when the result of an integer expression exceeds the maximum value for its respective type Underflows : when the result of an integer expression is smaller than its minimum value, it wraps to the maximum integer for the type. For instance, subtracting 0 − 1 and storing the result in an unsigned 16-bit integer Signedness error : when a signed integer is interpreted as unsigned, or vice-versa Lossy truncations : when assigning an integer with a larger width to a smaller width Costly and exploitable bugs Reported in the top 25 most dangerous software errors (MITRE 2011) Consequences Denial-of-Service (crashes and resource consumption) Execution of unauthorized code (or commands) Bypassing of protection mechanisms Logic errors 12 / 19

  19. Common Software Vulnerabilities Numerical Issues – example + demo 1 // vuln2.c 2 #include <stdio.h> 3 #include <string.h> 4 #include <stdlib.h> 5 6 #define MAXLEN 32 // max passwd length 7 8 void store_passwd_indb(char* passwd) 9 { 10 if(passwd != NULL) 11 { 12 // do stuff... 13 } 14 } 15 16 void validate_uname(char* uname) 17 { 18 // do more stuff... 19 } 20 21 void validate_passwd(char* passwd) { 22 char passwd_buf[MAXLEN]; 23 unsigned char passwd_len = strlen(passwd); 24 25 // zeroes the buffer 26 bzero(passwd_buf , sizeof(passwd_buf)); 27 28 // check length 29 if(passwd_len >= 8 && passwd_len <= MAXLEN){ 30 printf("Valid password\n"); 31 strcpy(passwd_buf ,passwd); 32 }else 33 printf("Invalid password\n"); 34 35 // store it into the DB 36 store_passwd_indb(passwd_buf); 37 } 38 39 int main(int argc, char* argv[]) { 40 if(argc != 3) { 41 printf("usage error: %s username passwd\n", argv[0]); 42 exit(EXIT_FAILURE); 43 } 44 validate_uname(argv[1]); 45 validate_passwd(argv[2]); 46 47 return EXIT_SUCCESS; 48 } 13 / 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration

vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration

Security &amp; Knowledge Management a.a. 2019/20 There are a set of sources that provide updated information about security vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration CAPEC,

197 views • 8 slides
Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust Boundary Attacks Threats Application Attacker Exploit Vulnerability : a software defect with security consequences Threat : a potential danger to

1.54k views • 80 slides
Evaluation of Doses, Risks, Vulnerabilities, and Consequences for Population and Environment

Evaluation of Doses, Risks, Vulnerabilities, and Consequences for Population and Environment

Evaluation of Doses, Risks, Vulnerabilities, and Consequences for Population and Environment Employing GIS Analysis Alexander Mahura 1 , Alexander Baklanov 1 , Olga Rigina 2 , Jens Havsk v Sorensen 1 , Rony Bergman 3 , Vladislav Golikov 4 ,

460 views • 14 slides
What are the risks, vulnerabilities, and potential consequences associated with High Impact

What are the risks, vulnerabilities, and potential consequences associated with High Impact

What are the risks, vulnerabilities, and potential consequences associated with High Impact Low Frequency events? April 9, 2019 Joshua Rowe, PSP Compliance Auditor, Physical and Cyber Security About the Presenter Joshua Rowe, PSP WECC

741 views • 47 slides
Common Vulnerability Scoring System Engineering Secure Software Last Revised: November 13, 2020

Common Vulnerability Scoring System Engineering Secure Software Last Revised: November 13, 2020

Common Vulnerability Scoring System Engineering Secure Software Last Revised: November 13, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 How Bad is Bad? Weve seen many vulnerabilities Many of them can do catastrophic

541 views • 35 slides
Vulnerabilities in C/C++ programs Part I TDDC90 Software Security Ulf Kargn Department

Vulnerabilities in C/C++ programs Part I TDDC90 Software Security Ulf Kargn Department

Vulnerabilities in C/C++ programs Part I TDDC90 Software Security Ulf Kargn Department of Computer and Information Science (IDA) Division for Database and Information Techniques (ADIT) Vulnerabilities in C-based languages

633 views • 59 slides
Software Vulnerabilities in Programming Languages and Applications A presentation to Ada Europe

Software Vulnerabilities in Programming Languages and Applications A presentation to Ada Europe

Software Vulnerabilities in Programming Languages and Applications A presentation to Ada Europe 2010 Stephen Michell, Maurya Software, Ottawa, Canada Security There are people out there trying to attack every computer that we own. Most

503 views • 48 slides
WISTP 07 A comparative analysis of common threats, vulnerabilities, attacks and

WISTP 07 A comparative analysis of common threats, vulnerabilities, attacks and

WISTP 07 A comparative analysis of common threats, vulnerabilities, attacks and countermeasures within smart card and wireless sensor network node technologies. Kevin Eagles, Konstantinos Markantonakis and Keith Mayes Smart Card Centre,

337 views • 22 slides
Memory Corruption Vulnerabilities, Part I Gang Tan Penn State University Spring 2019 CMPSC

Memory Corruption Vulnerabilities, Part I Gang Tan Penn State University Spring 2019 CMPSC

Memory Corruption Vulnerabilities, Part I Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security Some Terminology Software error A programming mistake that make the software not meet its expectation Software

726 views • 59 slides
Boilerplate Clauses in Commercial Contracts: Avoiding Unintended Consequences Navigating Common

Boilerplate Clauses in Commercial Contracts: Avoiding Unintended Consequences Navigating Common

Presenting a live 90-minute webinar with interactive Q&amp;A Boilerplate Clauses in Commercial Contracts: Avoiding Unintended Consequences Navigating Common Pitfalls in Standard Contract Provisions and Implementing Practical Solutions Tuesday,

891 views • 85 slides
Should Cyber-Insurance Providers Invest in Software Security? Aron Laszka 1 and Jens Grossklags 2

Should Cyber-Insurance Providers Invest in Software Security? Aron Laszka 1 and Jens Grossklags 2

Should Cyber-Insurance Providers Invest in Software Security? Aron Laszka 1 and Jens Grossklags 2 1 University of California, Berkeley 2 Pennsylvania State University Software Vulnerabilities Most software products suffer from vulnerabilities

448 views • 22 slides
Rehabilitation Consequences of Road Collisions ine Carroll Evolution Evolution Evolution

Rehabilitation Consequences of Road Collisions ine Carroll Evolution Evolution Evolution

Rehabilitation Consequences of Road Collisions ine Carroll Evolution Evolution Evolution Exoskeleton Endoskeleton Soft and squishy! Lascaux Consequences Pedestrian RTCs Brain Spinal cord injury Common Clinical Patterns Upper Limbs

706 views • 54 slides
Buffer Software Security overflows and other memory safety vulnerabilities History

Buffer Software Security overflows and other memory safety vulnerabilities History

This time We will begin By investigating our 1st section: Buffer Software Security overflows and other memory safety vulnerabilities History Memory layouts Buffer overflow fundamentals Software security Security is a form

2.11k views • 190 slides
Exploiting Vulnerabilities in Media Software iSEC Partners https://www.isecpartners.com Agenda

Exploiting Vulnerabilities in Media Software iSEC Partners https://www.isecpartners.com Agenda

Exploiting Vulnerabilities in Media Software iSEC Partners https://www.isecpartners.com Agenda Introduction Why media software? Why bugs are still out there How we're going to bang them out Fuzzing techniques

470 views • 30 slides
Vulnerabilities in C/C++ programs Part II TDDC90 Software Security Ulf Kargn Department

Vulnerabilities in C/C++ programs Part II TDDC90 Software Security Ulf Kargn Department

Vulnerabilities in C/C++ programs Part II TDDC90 Software Security Ulf Kargn Department of Computer and Information Science (IDA) Division for Database and Information Techniques (ADIT) Integer overflows and sign errors Adding,

756 views • 42 slides
Defending against Memory Corruption Vulnerabilities and Advanced Attacks Gang Tan Penn State

Defending against Memory Corruption Vulnerabilities and Advanced Attacks Gang Tan Penn State

Defending against Memory Corruption Vulnerabilities and Advanced Attacks Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security * some slides adapted from those by Trent Jaeger Overflow Vulnerabilities Despite

901 views • 46 slides
Exhaustive Testing of Safety Critical Java Tomas Kalibera Pavel Parizek Charles University Michal

Exhaustive Testing of Safety Critical Java Tomas Kalibera Pavel Parizek Charles University Michal

Exhaustive Testing of Safety Critical Java Tomas Kalibera Pavel Parizek Charles University Michal Malohlava Technical University of Martin Schoeberl Denmark Exhaustive Testing with Java PathFinder (JPF) JTRES 2010 Tomas Kalibera JPF is a

485 views • 20 slides
Riding the Overflow Riding the Overflow Then and Now Then and Now Miroslav tampar

Riding the Overflow Riding the Overflow Then and Now Then and Now Miroslav tampar

Riding the Overflow Riding the Overflow Then and Now Then and Now Miroslav tampar Miroslav tampar (mstampar@zsis.hr ) (mstampar@zsis.hr ) tl;dr BalCCon2k14, Novi Sad (Serbia) September 6th,

634 views • 29 slides
Todays Objec4ves Networking: TCP Threads and Synchroniza4on Sept 20, 2017 Sprenkle -

Todays Objec4ves Networking: TCP Threads and Synchroniza4on Sept 20, 2017 Sprenkle -

9/20/17 Todays Objec4ves Networking: TCP Threads and Synchroniza4on Sept 20, 2017 Sprenkle - CSCI325 1 Review What is the OSI model? What are the theore4cal layers? What are their real-world equivalents? What do they do?

390 views • 15 slides
A Practical Degradation Model for Mixed Criticality Systems Vijaya Kumar Sundar, Arvind Easwaran

A Practical Degradation Model for Mixed Criticality Systems Vijaya Kumar Sundar, Arvind Easwaran

A Practical Degradation Model for Mixed Criticality Systems Vijaya Kumar Sundar, Arvind Easwaran Nanyang Technological University (NTU), Singapore May 8, 2019 Research Outline Research Objective: A new degradation model for Mixed Criticality

1.02k views • 87 slides
Patrick Verkaik Yuvraj Agarwal, Rajesh Gupta, Alex C. Snoeren UCSD NSDI April 24, 2009 1

Patrick Verkaik Yuvraj Agarwal, Rajesh Gupta, Alex C. Snoeren UCSD NSDI April 24, 2009 1

Patrick Verkaik Yuvraj Agarwal, Rajesh Gupta, Alex C. Snoeren UCSD NSDI April 24, 2009 1 Voice over IP (VoIP) and WiFi increasingly popular Cell phones with WiFi + VoIP: iPhone (+ Skype, Fring, iCall, ..) T -mobile UMA and

1.19k views • 33 slides
Chapter 10 Buffer Overflow Buffer Overflow Common attack mechanism first wide use by

Chapter 10 Buffer Overflow Buffer Overflow Common attack mechanism first wide use by

Chapter 10 Buffer Overflow Buffer Overflow Common attack mechanism first wide use by the Morris Worm in 1988 Prevention techniques known NX bit, stack canaries, ASLR Still of major concern Recent examples:

354 views • 21 slides
MSc (APSC) Candidate Saint Marys University Halifax, NS Why do we care? &lt; 2 mm diam.

MSc (APSC) Candidate Saint Marys University Halifax, NS Why do we care? &lt; 2 mm diam.

Logan Gray Supervisor: Dr. Gavin Kernaghan (MSVU) MSc (APSC) Candidate Saint Marys University Halifax, NS Why do we care? &lt; 2 mm diam. absorb water + nutrients ephemeral = huge carbon input Live in/on/around fine roots

772 views • 31 slides
Lecture 4: Sequential Circuits Continued Clock signals Clocks are a regular pulse

Lecture 4: Sequential Circuits Continued Clock signals Clocks are a regular pulse

Lecture 4: Sequential Circuits Continued Clock signals Clocks are a regular pulse signal, where the high value indicates that the output of the latch may be sampled. Usually drawn as: voltage 5V time But looks more like:

627 views • 26 slides

More recommend