Buffer Overflow – how it affects application security
Do you want to know what is Buffer Overflow and how it affects the Application Security?
When talking about application security, one of the first vulnerabilities the developer knows about is also one of the oldest.
Although Buffer Overflow has been a vulnerability in the security landscape since its inception, it is present in applications to this day.
Buffer Overflow is most commonly found in languages such as C and C ++, where there is the need for prior definition of the memory size of the buffer to be used.
But we have other examples of Buffer Overflow occurring in other languages, such as PHP.
The BUG 77370 fix, for example, solved a buffer overflow problem in a function called PHP mb_regex, showing that caution should not be about specific languages only.
Therefore, in this article, we will talk about what Buffer Overflow is: how it impacts the application and how we can solve this type of problem.
What is Buffer Overflow?
During the development of an application, many aspects need to be considered.
If you are developing in C or C ++, one of the things you will need to think about is the size of the memory buffer that will be reserved for receiving and using data from your application.
So, by determining the size of a buffer, the developer is also determining the space available for storing each data.
But sometimes this size is transmitted in the wrong way, inadvertently or even maliciously.
When a developer determines the size of a memory buffer through data, this buffer can receive more data than was originally intended.
This generates a surplus, and this surplus must go somewhere.
So data that exceeds the expected amount in a buffer is directed to underlying memory spaces, and this is often exploited as a vulnerability.
Conceptually Buffer Overflow is a vulnerability that is very easy to understand. And it can be well exemplified with a simple cup of coffee.
When pouring more coffee in a cup than it holds, the surplus needs to go somewhere – in our example, this place is the saucer.
Therefore, when this excess data is written outside the expected area, the system can perform what was recorded.
And if this excess data is a command, running it can compromise the system.
Buffer overflow when buffering and sending data through different applications
This type of failure can happen to a large number of applications and can be as simple as data that will be sent to a printer.
When we send a file to print, for instance, we are dealing with two machines that have quite different processing.
This is because your printer does not have the same processing power as your computer, so we need a memory space to store the data that will be sent to the printer.
Then this space will store data and send it in printer time.
However, this space may eventually become corrupted, causing more data to be placed than the printer can handle.
This can generate commands, and your application or even the operating system may end up executing those commands.
Another example we can give is when we use a field of defined size to receive a username in an authentication form.
Imagine that in your application the field intended to receive the name of your users was determined with the size of 10 bytes and, during an attack, the attacker inserts a data of 12 bytes in the field.
When this type of attack happens, the surplus will be stored outside the given buffer and can be executed as a command.
Therefore, this is clearly a failure to validate data that has been entered by the user.
What can happen when the Buffer Overflow occurs?
If a buffer overflow vulnerability has been exploited, your application may become unstable, stop, or return with some error information.
In other cases, data that has been written outside the placeholder may contain malicious commands, and when not properly handled, will be executed.
This execution can bring a multitude of problems to the security of your application.
So next, let’s talk about some examples of what might happen when a buffer overflow is present in the application.
1. Arbitrary code execution and elevation of privilege
When an attacker is able to send malicious code to exploit a buffer overflow vulnerability and is successful, there is a serious application security issue.
This is because by exploiting this type of vulnerability, an attacker could take control of an application by sending commands to be executed.
This command submission is called “arbitrary code execution” and occurs when code is injected into a buffer and executed.
When the application is running on an operating system with system privileges, this vulnerability could be exploited for the attacker to perform an action called “elevation of privilege”.
And if the attack is successful, the attacker will be given a system shellcode with the privileges of the user running the application.
If this is the administrator or root, the privileges of these users will be transferred to the attacker.
2. DoS (Denial of Service)
Buffer Overflow is more than just a code execution!
And not every Buffer Overflow vulnerability can be exploited to execute arbitrary code.
Then, when it is not possible to execute code, the attacker can use Denial of Service attacks via Buffer Overflow.
Because a Buffer Overflow vulnerability can happen in any software – regardless of whether this software is a web application or a routing system – other services may suffer this attack.
Router, switch, firewall, and even IoT systems can all have these vulnerabilities.
In fact, this can be an incredible source of equipment to perform other attacks, such as the one described here, where millions of vulnerable equipment were used to perform a DDoS attack.
Another good example is exploiting a fault in CISCO routers, which allowed several devices to be overloaded, leaving them inoperable, which resulted in the shutdown of some networks.
These stops can be simple and quick but can also be long-lasting, leading to damage and misuse of computing resources.
Avoiding flaws on Buffer Overflow
Buffer Overflow vulnerabilities can be prevented in many ways in software.
And there are two basic ways to address a vulnerability within the development process. The first, and most basic, is to work proactively.
Though, as we are still facing vulnerabilities, it seems to us that only the proactive approach has not worked.
So we can say that the second way to prevent vulnerabilities is to act reactively by working countermeasures within the code to prevent vulnerabilities from being exploited.
Let’s detail these two scenarios below.
1. Proactive behavior
The best and most effective way to prevent a Buffer Overflow vulnerability from happening is in the code itself.
So let’s suppose your program receives, in a field, 8 byte-data. Having this as a parameter and knowing this limitation, your code should ensure that only these 8 bytes are accepted in your given field.
Controlling these input fields ensures that there is no data overflow.
In addition, proactive actions within the development process must be applied.
This way, the code review, and validation is being developed, ensuring that the code is always revalidated.
This constant validation process ensures not only that buffer overflow vulnerabilities are present in code, but also other vulnerabilities.
Taking actions proactively, the developer ensures that their code is created and maintained to the best of its ability.
2. Reactive behavior
Acting reactively means that the vulnerability remediation or mitigation action takes place after the vulnerability is discovered.
An example of this prevention is operating systems that have protection for memory areas.
They control access to these memory areas and prevent data logged outside them from being executed.
Another method that can be used to reduce the impact is the implementation of DEP, ASLR or even SEHOP.
Pointer protection can also be used as a reactive measure of vulnerability.
So this kind of protection will prevent attackers from being able to write and execute code within these regions, minimizing the impact.
An even more external form of the application is the use of an intrusion detection system (IDS), which will monitor the network for known attack signatures.
However, it is important to note that these actions are palliative and reactive and should not replace safe development processes per se with well-planned code review steps.
Therefore, what will really ensure that your application is free of these vulnerabilities is periodic code reviews.
Our final appointments
In this article, we provide a basic and simple explanation of what becomes a Buffer Overflow vulnerability.
We then describe what Buffer Overflow is and how it can happen in your application, and how we can mitigate this vulnerability both reactively and proactively.
We believe that, as with any other vulnerability, the pursuit of code improvements, constant validations, and a well-implemented secure development process is what really ensures that code is free of vulnerabilities.
Therefore, we continue to argue that the most effective way to mitigate vulnerabilities is for developers to perform code reviews manually.
So, keeping up to date, knowing best practices and always understanding the real impact of a vulnerability, is what will keep the developer always aware of its result.
We hope this has contributed a little more to a positive outcome.