Buffer Overflow Vulnerabilities and Solutions

Similar documents
Cyberspace Security Issues and Challenges

Professional Penetration Testing Techniques and Vulnerability Assessment ...

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained

INNOV-04 The SANS Top 20 Internet Security Vulnerabilities

CSE331: Introduction to Networks and Security. Lecture 17 Fall 2006

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak Capture Link Server V1.00

Database Security Guide

Application Intrusion Detection

My FreeScan Vulnerabilities Report

Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DR V2.0

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details

REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB

Security Maintenance Practices. IT 4823 Information Security Administration. Patches, Fixes, and Revisions. Hardening Operating Systems

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak CR V4.1

Windows Remote Access

SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X)

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

Modified Reverse Proxy Website Vulnerability Test Results

Network Security: A Practical Approach. Jan L. Harrington

A43. Modern Hacking Techniques and IP Security. By Shawn Mullen. Las Vegas, NV IBM TRAINING. IBM Corporation 2006

A Roadmap for Securing IIS 5.0

HoneyBOT User Guide A Windows based honeypot solution

THE ROLE OF IDS & ADS IN NETWORK SECURITY

Nessus scanning on Windows Domain

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management

Research on the Essential Network Equipment Risk Assessment Methodology based on Vulnerability Scanning Technology Xiaoqin Song 1

Web App Security Audit Services

Software security. Buffer overflow attacks SQL injections. Lecture 11 EIT060 Computer Security

6WRUP:DWFK. Policies for Dedicated SQL Servers Group

Directory and File Transfer Services. Chapter 7

GFI White Paper PCI-DSS compliance and GFI Software products

CSE331: Introduction to Networks and Security. Lecture 32 Fall 2004

Achieving PCI-Compliance through Cyberoam

Sitefinity Security and Best Practices

How To Secure An Rsa Authentication Agent

Topics in Network Security

Rapid Vulnerability Assessment Report

Topics. Virus Protection and Intrusion Detection. What is a Virus? Three related ideas

EECS 354 Network Security. Introduction

The Customer Database in a excel file which costs you several years of Business can be easily ed to any of your competitor

Threat Modeling. Frank Piessens ) KATHOLIEKE UNIVERSITEIT LEUVEN

Malware and Attacks Further reading:

Virtualization System Security

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 8 Desktop and Server OS Vulnerabilities

SNI Vulnerability Assessment Report

United States Trustee Program s Wireless LAN Security Checklist

1. Why is the customer having the penetration test performed against their environment?

Network Security. 1 Pass the course => Pass Written exam week 11 Pass Labs

Security Audit Report for ACME Corporation

Ethical Hacking and Information Security. Foundation of Information Security. Detailed Module. Duration. Lecture with Hands On Session: 90 Hours

Chapter 15 Operating System Security

6WRUP:DWFK. Policies for Dedicated IIS Web Servers Group. V2.1 policy module to restrict ALL network access

Installation and Deployment

Buffer Overflows. Code Security: Buffer Overflows. Buffer Overflows are everywhere. 13 Buffer Overflow 12 Nov 2015

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com

Thick Client Application Security

Blended Security Assessments

4. Getting started: Performing an audit

March

Improving Software Security at the. Source

Codes of Connection for Devices Connected to Newcastle University ICT Network

Medical Device Security Health Group Digital Output

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities

Getting Started in Red Hat Linux An Overview of Red Hat Linux p. 3 Introducing Red Hat Linux p. 4 What Is Linux? p. 5 Linux's Roots in UNIX p.

Pension Benefit Guaranty Corporation. Office of Inspector General. Evaluation Report. Penetration Testing An Update

WHITEPAPER. Nessus Exploit Integration

How To Set Up An Ip Firewall On Linux With Iptables (For Ubuntu) And Iptable (For Windows)

CSE331: Introduction to Networks and Security. Lecture 18 Fall 2006

Setting Up Scan to SMB on TaskALFA series MFP s.

Design of a secure system. Example: trusted OS. Bell-La Pdula Model. Evaluation: the orange book. Buffer Overflow Attacks

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0.

Ovation Security Center Data Sheet

Microsoft Systems Architecture 2.0 (MSA 2.0) Security Review An analysis by Foundstone, Inc.

Owner of the content within this article is Written by Marc Grote

CIS 4361: Applied Security Lab 4

Architecture Overview

Lab Configuring Access Policies and DMZ Settings

Nixu SNS Security White Paper May 2007 Version 1.2

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder.

Application Security Policy

INTRUSION DETECTION SYSTEM (IDS) D souza Adam Jerry Joseph I MCA

CSE331: Introduction to Networks and Security. Lecture 15 Fall 2006

A POLYCOM WHITEPAPER Polycom. Recommended Best Security Practices for Unified Communications

Web Application Report

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.

Five Steps to Improve Internal Network Security. Chattanooga ISSA

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.

Custom Penetration Testing

VPNSCAN: Extending the Audit and Compliance Perimeter. Rob VandenBrink

Penetration Testing. NTS330 Unit 1 Penetration V1.0. February 20, Juan Ortega. Juan Ortega, juaorteg@uat.edu. 1 Juan Ortega, juaorteg@uat.

Network Security and Firewall 1

TIME TO LIVE ON THE NETWORK

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Network Security Guidelines. e-governance

Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led

MWR InfoSecurity Security Advisory. Symantec s Altiris Deployment Solution File Transfer Race Condition. 7 th January 2010

Transcription:

Buffer Overflow Vulnerabilities and Solutions Timothy Tsai Avaya Labs Research ICC 2002 April 29, 2002

Overview How significant are buffer overflows? Context of overall security picture What are buffer overflows? What the the possible solutions? ICC2002-2

The Twenty Most Critical Internet Security Vulnerabilities Version 2.503 April 8, 2002; Copyright 2001-2002, The SANS Institute Top Vulnerabilities That Affect All Systems (G) G1 - Default installs of operating systems and applications G2 - Accounts with No Passwords or Weak Passwords G3 - Non-existent or Incomplete Backups G4 - Large number of open ports G5 - Not filtering packets for correct incoming and outgoing addresses G6 - Non-existent or incomplete logging G7 - Vulnerable CGI Programs Top Vulnerabilities to Windows Systems (W) W1 - Unicode Vulnerability (Web Server Folder Traversal) W2 - ISAPI Extension Buffer Overflows W3 - IIS RDS exploit (Microsoft Remote Data Services) W4 - NETBIOS - unprotected Windows networking shares W5 - Information leakage via null session connections W6 - Weak hashing in SAM (LM hash) Top Vulnerabilities To Unix Systems (U) U1 - Buffer Overflows in RPC Services U2 - Sendmail Vulnerabilities U3 - Bind Weaknesses U4 - R Commands U5 - LPD (remote print protocol daemon) U6 - sadmind and mountd U7 - Default SNMP Strings = buffer overflow vulnerability ICC2002-3

What Are the Problems? Buggy software design and development Programming for security is not taught Good software engineering processes are not universal Legacy code System administration Too many machines to administer Too many platforms and applications to support Too many updates and patches to apply Administrators may be handcuffed (e.g., not allowed to block attachments) Not all administrators are up-to-date (e.g., desktop and home users) Too many unnecessary services Inadequate policies and procedures New technologies The Internet, wireless, converged communications, commerci web sites Vulnerabilities are quickly and widely published Scripts and tools are downloadable (giving rise to "script kidd Large pool of victims Remote attacks are easy to perpetrate (cheap access, high-sp connections) ICC2002-4

Solutions Education Deployment of known technologies (firewalls, VPN, encryption) Better processes (design and code reviews testing) Tools Software development tools (testing, code scanning) Software update tools (patches, virus updates) Security audit tools (passwords, ports, services) Run-time instrumentation ICC2002-5

Significance of Buffer Overflows CERT CVE 40 900 35 800 30 700 25 20 Total-BOV BOV 600 500 400 Total-B BOV 15 300 10 200 5 100 0 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 0 1999 2000 2001 2002 Year Year SecurityFocus 1600 1400 1200 1000 800 total-bov BOV 600 400 200 0 1994 1995 1996 1997 1998 1999 2000 2001 2002 Year ICC2002-6

What is a Buffer Overflow? uffer (80 bytes) fp ra Attack code g & a r b a g e b u f f e r void foo(char * input_strin { char buffer[80]; strcpy(buffer,input_strin return; } /* input_string = attack code+garbage+&b total length >= 88 bytes */ ICC2002-7

Consequences of Buffer Overflow Common attack techniques Find vulnerable programs Target root processes Fuzz testing Use source code and debugger to examine stack contents Write code Connect to port Send data, including shellcode Consequences Root shell from remote attack site Compromise other machines (passwords) Stage DDoS, man-in-the-middle attacks Monitor LAN traffic Denial of service ICC2002-8

Buffer Overflow Solutions Install patches Use checklists and web sites Use update and audit tools Better programming Use safe functions (snprintf instead of sprintf) Use safe languages Conduct code reviews Use code scanners (ITS4, Splint) Better testing Run-time instrumentation Kernel patches (Openwall, PaX) Compiler solutions (StackGuard, ProPolice, StackShield) Library solutions (Snarskii, Libsafe, BOWall) ICC2002-9

Kernel Patches Mechanism Make parts of memory (stack, heap, dat non-executable Allow overflow to occur, but generate memory exception when executing attac code Pros Automatically applied to all processes Can catch some overflows in heap and data space Cons Requires kernel recompilation Doesn t catch return-into-libc exploits ICC2002-10

Compiler Solutions Mechanism Instrument the compiler to insert additional ru time instrumentation Allow overflow to occur, but verify return address before returning from function to prevent execution of attack code Pros Can be selectively applied to applications to minimize overhead Cons Requires recompilation of applications (or installation of pre-instrumented applications) Doesn t catch small overflows ICC2002-11

Library Solutions Mechanism Use shared or static library to intercept calls to vulnerable functions Perform bounds checking on function arguments to prevent overflow from occurring Pros Easy to install Cons Doesn t catch overflows via nonintercepted functions or code Doesn t catch small overflows ICC2002-12

Example of Libsafe Protection Buffer (80 bytes) fp ra max_size=80 void foo(char * input_string) { char buffer[80]; strcpy(buffer,input_string); return; }/*len(input_string)=88 byte char * libsafestrcpy( char *dest, const char * src) { if (src is longer than max_s report the event; else return strcpy(dest,src); } ICC2002-13

Recommendations Turn off all unnecessary services (web, ma print, SNMP) Use a firewall Use intrusion detection tools Get latest versions of software, especially services Consider automatic update tools Run security audit tools Consider run-time instrumentation ICC2002-14

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information