CAPEC-46
Overflow Variables and Tags
HIGH
HIGH
Draft
2014-06-23 00:00 +00:00
2022-09-29 00:00 +00:00
Alerte pour un CAPEC
Restez informé de toutes modifications pour un CAPEC spécifique.
Description
This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The adversary crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
Informations
Execution Flow
1) Explore
[Identify target application] The adversary identifies a target application or program to perform the buffer overflow on. Adversaries look for applications or programs that accept formatted files, such as configuration files, as input.
2) Experiment
[Find injection vector] The adversary identifies an injection vector to deliver the excessive content to the targeted application's buffer.
Technique
- Knowing the type of file that an application takes as input, the adversary takes a normal input file and modifies a single variable or tag to contain a large amount of data. If there is a crash, this means that a buffer overflow attack is possible. The adversary will keep changing single variables or tags one by one until they see a change in behavior.
3) Experiment
[Craft overflow content] The adversary crafts the content to be injected. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary crafts the payload in such a way that the overwritten return address is replaced with one of the adversary's choosing.
Technique
- Create malicious shellcode that will execute when the program execution is returned to it.
- Use a NOP-sled in the overflow content to more easily "slide" into the malicious code. This is done so that the exact return address need not be correct, only in the range of all of the NOPs
4) Exploit
[Overflow the buffer] The adversary will upload the crafted file to the application, causing a buffer overflow.
Prerequisites
The target program consumes user-controllable data in the form of tags or variables.The target program does not perform sufficient boundary checking.
Skills Required
An adversary can simply overflow a buffer by inserting a long string into an adversary-modifiable injection vector. The result can be a DoS.Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.
Mitigations
Use a language or compiler that performs automatic bounds checking.Use an abstraction library to abstract away risky APIs. Not a complete solution.
Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.
Use OS-level preventative functionality. Not a complete solution.
Do not trust input data from user. Validate all user input.
Faiblesses connexes
| Nom de la faiblesse | |
|---|---|
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. |
|
| Incorrect Access of Indexable Resource ('Range Error') The product does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files. |
|
| Improper Restriction of Operations within the Bounds of a Memory Buffer The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. |
|
| Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
|
| Improper Input Validation The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
|
| Integer Overflow to Buffer Overflow The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow. |
|
| Compiler Optimization Removal or Modification of Security-critical Code The developer builds a security-critical protection mechanism into the software, but the compiler optimizes the program such that the mechanism is removed or modified. |
|
| Incorrect Comparison The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses. |
References
REF-1
Exploiting Software: How to Break CodeG. Hoglund, G. McGraw.
Submission
| Name | Organization | Date | Date Release |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated References | |
| CAPEC Content Team | The MITRE Corporation | Updated Execution_Flow | |
| CAPEC Content Team | The MITRE Corporation | Updated Execution_Flow | |
| CAPEC Content Team | The MITRE Corporation | Updated Description, Skills_Required | |
| CAPEC Content Team | The MITRE Corporation | Updated Example_Instances |
2024©
tesweb SA
