Overflow Vulnerabilities

A flaw always attracts antagonism. The same applies to software vulnerabilities, which act as a gateway for cyber-attacks and increase the chance of code exploitation. Cyber security is the biggest challenge the present-day digital world faces every second, and the frequency of vulnerability occurrence is rising rapidly. To date, many different types of vulnerabilities have been found by different organizations, and efforts have been made to patch them.

LoginSoft is one such organization: it constantly searches for vulnerabilities in open source software and informs the respective vendors so they can fix the issues. Let us walk you through our most recent vulnerability findings and help you gain a clear understanding of their impact.

Our LoginSoft research team has observed that, of all the software flaws we encounter, buffer overflow vulnerabilities are the most common, and when ignored they can bring major complications to your code.

What is a Buffer Overflow Vulnerability?

A buffer is a temporary storage location in memory with a fixed capacity that holds data while a program processes it. When more data is written to this buffer than it can hold, an overflow occurs: the excess data spills out and may overwrite adjacent memory or other buffers. This scenario lays the path for overflow vulnerabilities, which cyber-attackers can exploit.

Impact of a Buffer Overflow Vulnerability:

  • Unstable Program Behavior
  • System crash
  • Memory access errors
  • Code over-riding
  • Security exploitation threat
  • Unauthorized data access
  • Excessive privilege actions
  • Data theft and Data loss

Types of Buffer Overflow Vulnerabilities:

Generally, buffer overflow vulnerabilities are divided into two types, depending on which region of memory overflows and how that memory is structured:

  1. Stack Overflow Vulnerabilities
  2. Heap Overflow Vulnerabilities

Stack Overflow Vulnerabilities:

The stack resides in the process memory of the system with a fixed storage capacity and is organized as a Last-In-First-Out data structure. It manages memory allocation and freeing without manual intervention. When the data written exceeds the limit of the stack, an overflow occurs that an attacker can exploit. A stack overflow can occur in the following cases:

  • Out-of-bounds writes to declared variables
  • Infinite recursion

Loginsoft Research:

Loginsoft has successfully identified several stack overflow vulnerabilities.

1. Stack buffer overflow vulnerability-1 in Tcpreplay

CWE: 121-Stack Based Buffer Overflow

CVE number: CVE-2018-18409

Identified in: https://github.com/simsong/tcpflow/wiki

Product Details: tcpflow is an open source program that captures the data transmitted during TCP connections and stores it for protocol analysis and debugging.

Vulnerability Specifics: A stack overflow vulnerability has been identified in the open source tcpflow, version 1.5.0, in the setbit() function in iptree.h, which handles protocol data during TCP connections and also plays a vital role in debugging.

Epitome:

  • Initially a pcap file is submitted as input to the binary, where the data analysis takes place and the PDF output is generated.
  • Here the function be13::plugin::phase_shutdown() is called to shut down all the scanners once the input is received; it also gathers the version information of the input file.
  • The One_page_report::render_pass::render_header() function initializes the report generator.
  • The address_histogram::address_histogram() function converts the file into the relevant vector so that the count histogram can start.
  • Here the setbit() function is the key cause of the overflow: it sets the i'th bit to one, i.e., the signed integer value 127 is incremented to 128, causing the stack overflow.
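The setbit() pattern above, as an added illustration that is not tcpflow's code: a hypothetical fixed-size bitmap whose unchecked variant takes a narrow signed index (so 127 + 1 wraps negative and the write lands outside the buffer), beside a checked variant that uses a full-width unsigned index validated against the capacity. BITMAP_BYTES and all function names are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed bitmap with a fixed backing store; not tcpflow's iptree.h. */
#define BITMAP_BYTES 16                    /* 128 bits of capacity: indices 0..127 */

struct bitmap {
    uint8_t bits[BITMAP_BYTES];
};

void bitmap_init(struct bitmap *bm) { memset(bm->bits, 0, sizeof bm->bits); }

/* Unchecked variant (never called here): a signed 8-bit index cannot represent 128,
 * so the value that "follows" 127 is -128, and bits[-16] is written. */
void setbit_unchecked(struct bitmap *bm, int8_t i)
{
    bm->bits[i / 8] |= (uint8_t)(1u << (i & 7));   /* i < 0: out-of-bounds write */
}

/* Checked variant: unsigned full-width index, rejected if beyond the capacity.
 * Returns 0 on success, -1 if bit i does not exist in the buffer. */
int setbit_checked(struct bitmap *bm, size_t i)
{
    if (i >= (size_t)BITMAP_BYTES * 8)
        return -1;
    bm->bits[i / 8] |= (uint8_t)(1u << (i % 8));
    return 0;
}

/* Reads bit i; out-of-range indices read as 0 instead of touching memory. */
int testbit(const struct bitmap *bm, size_t i)
{
    if (i >= (size_t)BITMAP_BYTES * 8)
        return 0;
    return (bm->bits[i / 8] >> (i % 8)) & 1;
}

/* Sets bit i on a fresh bitmap: returns 1 if it was set and reads back, -1 if rejected. */
int demo_set_and_check(size_t i)
{
    struct bitmap bm;
    bitmap_init(&bm);
    if (setbit_checked(&bm, i) != 0)
        return -1;
    return testbit(&bm, i);
}
```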

Impact: Denial of Service

2. Stack overflow vulnerability-1 in HDF5

CWE: 121-Stack Based Buffer Overflow

CVE number: CVE-2018-17439

Identified in: https://www.hdfgroup.org/downloads

Product Details: HDF5 is a data management library that effectively deals with all sorts of complex data and also provides tools and applications for analyzing data in the HDF5 format.

Vulnerability Specifics: A stack overflow vulnerability has been exposed in version 10.5.3 of the HDF library while converting an HDF file into a GIF file. The exact function where the issue is identified is H5S_extent_get_dims().

Epitome:

  • The H5Imget_image_info() function is used to retrieve all the required information about an image input.
  • It also returns the maximum size of each dimension of the dataspace (DSS) with the help of the H5S_get_simple_extent_dims() function.
  • H5S_extent_get_dims() is the exact trigger point for the stack overflow.

Impact: Invalid File Conversions

3. Stack overflow vulnerability-2 in HDF5

CWE: 121-Stack Based Buffer Overflow

CVE number: CVE-2018-15671

Identified in: https://www.hdfgroup.org/downloads

Product Details: HDF5 is a popular data model that handles file storage and data management, extending its support to the most complex data as well. It also provides different tools and applications for data analysis in the HDF5 format.

Vulnerability Specifics: The stack overflow is discovered in the HDF5 1.10.2 library when the function H5P_get_cb() in H5Pint.c attempts to parse a crafted HDF file.

Epitome:

  • H5G_object_iterate() and H5G_stab_iterate() are the two functions used to iterate over the object groups supplied as input.
  • The H5Oget_info_by_name_2() and H5G_loc_info() functions help retrieve the object information. H5G_traverse() is used to traverse the path from the given location and then looks up the group link by name.
  • Finally, a property and its value are set on the object via the H5P_get_cb() function, which is where the stack overflow is triggered.

Impact:

  • Denial of Service
  • Memory leakages

Protection from Stack overflows:

The three stack overflow vulnerabilities identified by Loginsoft above showcase almost all the logical reasons behind an overflow trigger. One can expect the same vulnerabilities to surface in different applications under different masks. By following simple and well-defined safety measures, an application can be shielded from stack overflow attacks. Some of the suggested measures are:

  • Using a non-executable stack that does not hold any code
  • Using robust programming languages in which memory access cannot be triggered unsafely
  • Using compilers and compiler hardening options that prevent overflows
  • Always checking and validating the inputs received
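The "check and validate the inputs" measure above, as an added example that is not Loginsoft's or any project's code: a vulnerable copy into a fixed-size stack buffer beside a hardened version that measures the input against the destination's capacity and rejects anything that does not fit. NAME_MAX_LEN and the function names are constructed for this example; the compiler flags named in the comment are standard GCC/Clang options.

```c
#include <stddef.h>
#include <string.h>

#define NAME_MAX_LEN 16     /* capacity of the stack buffer, constructed for this example */

/* Vulnerable (never called here): strcpy copies until the NUL regardless of the
 * destination's size, so an input of 16 or more bytes overruns name[] and the
 * stack frame around it. Building with -fstack-protector-strong and
 * -D_FORTIFY_SOURCE=2 turns many such overruns into an abort rather than silent
 * corruption, but it does not replace the bounds check. */
int handle_name_unsafe(const char *input)
{
    char name[NAME_MAX_LEN];
    strcpy(name, input);            /* no bounds check */
    return (int)strlen(name);
}

/* Length of s, never scanning past cap bytes (portable strnlen). */
static size_t bounded_len(const char *s, size_t cap)
{
    size_t n = 0;
    while (n < cap && s[n] != '\0')
        n++;
    return n;
}

/* Hardened copy: validates that src and its NUL fit in dst_cap bytes before
 * touching dst. Returns the copied length, or -1 if the input is rejected. */
int copy_name_safe(char *dst, size_t dst_cap, const char *src)
{
    if (dst == NULL || src == NULL || dst_cap == 0)
        return -1;
    size_t n = bounded_len(src, dst_cap);
    if (n >= dst_cap)               /* too long to hold together with the NUL */
        return -1;
    memcpy(dst, src, n + 1);        /* copy only the validated bytes */
    return (int)n;
}

/* Hardened counterpart of handle_name_unsafe: same stack buffer, checked copy. */
int handle_name_safe(const char *input)
{
    char name[NAME_MAX_LEN];
    int n = copy_name_safe(name, sizeof name, input);
    if (n < 0)
        return -1;                  /* reject rather than truncate or overflow */
    return n;
}
```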

Conclusion:

Identifying threats at the right time, before malware invades, can save you a lot of time, money and effort. For this, one has to be on high alert at all times and act immediately on vulnerabilities. We suggest the following tips to discover vulnerabilities before an attacker does.

  • Apply software security updates as soon as the latest version is released.
  • Always observe response times and code behavior keenly.
  • Test your own network frequently to check for leaks.
  • Train all staff on security issues.
  • Maintain a trusted anti-virus and a dedicated threat detection team.

Now let us help you understand how Loginsoft finds vulnerabilities and which cyber security services we offer:

  • Vulnerability Assessment
  • Static Application Security Testing
  • Dynamic Application Security Testing
  • Threat Modeling
  • Discovering Zero-day vulnerabilities

Loginsoft values the privacy of its clients and open source vendors. As soon as we notice a vulnerability in any software, we immediately inform the concerned vendors; after they have closed the issue with a successful patch, we publish the discovered vulnerabilities with detailed reports on our website to educate our visitors on cyber-attacks.

Credit: Security Research Team