common software vulnerabilities causes and consequences
play

Common software vulnerabilities: causes and consequences Ricardo J. - PowerPoint PPT Presentation

May 22, 2023 •293 likes •611 views

Common software vulnerabilities: causes and consequences Ricardo J. Rodrguez CUD rjrodriguez@unizar.es @RicardoJRdez 14 de marzo, 2019 I Jornadas OWASP ZGZ $whoami Ph.D. in Computer Sciences (University of Zaragoza, 2013)

  1. Common software vulnerabilities: causes and consequences Ricardo J. Rodríguez – CUD rjrodriguez@unizar.es– @RicardoJRdez 14 de marzo, 2019 I Jornadas OWASP – ZGZ

  2. $whoami Ph.D. in Computer Sciences (University of Zaragoza, 2013) Professor in Centro Universitario de la Defensa , Academia General Militar (Zaragoza) Research interests: Performance/dependability/security analysis Model-driven engineering (considering security aspects) Program binary analysis (specially, malware analysis) RFID/NFC security Not prosecuted ( yet ) ¨ ⌣ Speaker in NcN, HackLU, RootedCON, STIC CCN-CERT, HIP , MalCON, HITB. . . 1 / 19

  3. Agenda 1 Introduction Common Software Vulnerabilities 2 Conclusions 3 2 / 19

  4. Agenda 1 Introduction 2 Common Software Vulnerabilities 3 Conclusions 3 / 19

  5. Introduction Credits : https://www.cvedetails.com/browse-by-date.php 4 / 19

  6. Introduction Some definitions of interest Vulnerability : software flaw An attacker can take advantage of a vulnerability and exploit it Average occurrence of faults per Lines of Code ( defect density ) Usually, it depends on the particular software company (different development cycles) Credits : https://www.amazon.com/Code-Complete-Practical-Handbook-Construction/dp/0735619670 5 / 19

  7. Agenda 1 Introduction 2 Common Software Vulnerabilities 3 Conclusions 6 / 19

  8. Common Software Vulnerabilities Buffer Overflow Credits : https://nvd.nist.gov/vuln/search/statistics?form_type=Basic&results_type=statistics&query=buffer+ overflow&queryType=phrase&search_type=all 7 / 19

  9. Common Software Vulnerabilities Buffer Overflow Also called buffer overrun Most prevalent error in C/C++ programs First BOF exploited: Morris worm (1988) (BSD-derived) UNIX fingerd daemon For curious readers: doi: 10.1145/66093.66095 Seminal work of Aleph One in 1996 Smashing the stack for fun and profit , Phrack, 7(49), 1996 http://phrack.org/issues/49/14.html Caused when a buffer is overwritten beyond its boundaries Unsafe functions DO NOT check the buffer limits when operating , then provoking the buffer is overwritten beyond its boundaries Examples of unsafe functions: gets , scanf , strcpy , strcat , sprintf , ... 8 / 19

  10. Common Software Vulnerabilities Buffer Overflow We can distinguish two kind of buffer overflows: Stack-based BOF ( https://cwe.mitre.org/data/definitions/121.html ) Heap-based BOF ( https://cwe.mitre.org/data/definitions/122.html ) 9 / 19

  11. Common Software Vulnerabilities Buffer Overflow We can distinguish two kind of buffer overflows: Stack-based BOF ( https://cwe.mitre.org/data/definitions/121.html ) Heap-based BOF ( https://cwe.mitre.org/data/definitions/122.html ) Which elements are stored in these memory segments? Stack: stores function parameters, local variables , and caller return address Heap: dynamic memory (memory allocated by the program – also objects) 9 / 19

  12. Common Software Vulnerabilities Buffer Overflow We can distinguish two kind of buffer overflows: Stack-based BOF ( https://cwe.mitre.org/data/definitions/121.html ) Heap-based BOF ( https://cwe.mitre.org/data/definitions/122.html ) Which elements are stored in these memory segments? Stack: stores function parameters, local variables , and caller return address Heap: dynamic memory (memory allocated by the program – also objects) Consequences Denial-of-Service (crashes and resource consumption) Execution of unauthorized code (or commands) Bypassing of protection mechanisms Others 9 / 19

  13. Common Software Vulnerabilities Buffer Overflow – example + demo 1 // vuln1.c 2 #include <stdio.h> 3 #include <stdlib.h> 4 #include <string.h> 5 6 #define BUFLEN 256 7 8 void secret() 9 { 10 printf("YOU WIN!\n"); 11 } 12 13 void copy_arg(char *s) 14 { 15 char buffer[BUFLEN]; 16 17 strcpy(buffer , s); 18 printf("Your argument is: %s\n", buffer); 19 } 20 21 int main(int argc, char *argv[]) 22 { 23 if(argc != 2){ 24 fprintf(stderr , "usage error: %s string - echoes string argument\n", argv[0]); 25 return EXIT_FAILURE; 26 } 27 copy_arg(argv[1]); 28 29 return EXIT_SUCCESS; 30 } 10 / 19

  14. Common Software Vulnerabilities Buffer Overflow – example + demo 1 // vuln1.c 2 #include <stdio.h> 3 #include <stdlib.h> L17: strcpy is an unsafe function 4 #include <string.h> 5 6 #define BUFLEN 256 Does not check the length of 7 buffer : just copies each byte of s to 8 void secret() 9 { buffer until the string terminator 10 printf("YOU WIN!\n"); 11 ( NULL character) is reached } 12 When size of s is greater than 13 void copy_arg(char *s) 14 { BUFLEN , the adjacent memory to 15 char buffer[BUFLEN]; buffer is overwritten 16 17 strcpy(buffer , s); What elements were stored in the 18 printf("Your argument is: %s\n", buffer); 19 } stack, apart from local variables (such 20 as buffer )? 21 int main(int argc, char *argv[]) 22 { 23 if(argc != 2){ 24 fprintf(stderr , "usage error: %s string - echoes string argument\n", argv[0]); 25 return EXIT_FAILURE; 26 } 27 copy_arg(argv[1]); 28 29 return EXIT_SUCCESS; 30 } 10 / 19

  15. Common Software Vulnerabilities Buffer Overflow – example + demo 1 // vuln1.c 2 #include <stdio.h> 3 #include <stdlib.h> L17: strcpy is an unsafe function 4 #include <string.h> 5 6 #define BUFLEN 256 Does not check the length of 7 buffer : just copies each byte of s to 8 void secret() 9 { buffer until the string terminator 10 printf("YOU WIN!\n"); 11 ( NULL character) is reached } 12 When size of s is greater than 13 void copy_arg(char *s) 14 { BUFLEN , the adjacent memory to 15 char buffer[BUFLEN]; buffer is overwritten 16 17 strcpy(buffer , s); What elements were stored in the 18 printf("Your argument is: %s\n", buffer); 19 } stack, apart from local variables (such 20 as buffer )? 21 int main(int argc, char *argv[]) 22 { 23 if(argc != 2){ 24 fprintf(stderr , "usage error: %s string - echoes BINGO: return address to main string argument\n", argv[0]); 25 return EXIT_FAILURE; ( let’s see a demo about hijacking the 26 } 27 copy_arg(argv[1]); program control-flow ) 28 29 return EXIT_SUCCESS; 30 } 10 / 19

  16. Common Software Vulnerabilities Numerical Issues Credits : https://nvd.nist.gov/vuln/search/statistics?form_type=Basic&results_type=statistics&query=integer+ overflow&queryType=phrase&search_type=all 11 / 19

  17. Common Software Vulnerabilities Numerical Issues Integer numerical errors Overflows : when the result of an integer expression exceeds the maximum value for its respective type Underflows : when the result of an integer expression is smaller than its minimum value, it wraps to the maximum integer for the type. For instance, subtracting 0 − 1 and storing the result in an unsigned 16-bit integer Signedness error : when a signed integer is interpreted as unsigned, or vice-versa Lossy truncations : when assigning an integer with a larger width to a smaller width Costly and exploitable bugs Reported in the top 25 most dangerous software errors (MITRE 2011) 12 / 19

  18. Common Software Vulnerabilities Numerical Issues Integer numerical errors Overflows : when the result of an integer expression exceeds the maximum value for its respective type Underflows : when the result of an integer expression is smaller than its minimum value, it wraps to the maximum integer for the type. For instance, subtracting 0 − 1 and storing the result in an unsigned 16-bit integer Signedness error : when a signed integer is interpreted as unsigned, or vice-versa Lossy truncations : when assigning an integer with a larger width to a smaller width Costly and exploitable bugs Reported in the top 25 most dangerous software errors (MITRE 2011) Consequences Denial-of-Service (crashes and resource consumption) Execution of unauthorized code (or commands) Bypassing of protection mechanisms Logic errors 12 / 19

  19. Common Software Vulnerabilities Numerical Issues – example + demo 1 // vuln2.c 2 #include <stdio.h> 3 #include <string.h> 4 #include <stdlib.h> 5 6 #define MAXLEN 32 // max passwd length 7 8 void store_passwd_indb(char* passwd) 9 { 10 if(passwd != NULL) 11 { 12 // do stuff... 13 } 14 } 15 16 void validate_uname(char* uname) 17 { 18 // do more stuff... 19 } 20 21 void validate_passwd(char* passwd) { 22 char passwd_buf[MAXLEN]; 23 unsigned char passwd_len = strlen(passwd); 24 25 // zeroes the buffer 26 bzero(passwd_buf , sizeof(passwd_buf)); 27 28 // check length 29 if(passwd_len >= 8 && passwd_len <= MAXLEN){ 30 printf("Valid password\n"); 31 strcpy(passwd_buf ,passwd); 32 }else 33 printf("Invalid password\n"); 34 35 // store it into the DB 36 store_passwd_indb(passwd_buf); 37 } 38 39 int main(int argc, char* argv[]) { 40 if(argc != 3) { 41 printf("usage error: %s username passwd\n", argv[0]); 42 exit(EXIT_FAILURE); 43 } 44 validate_uname(argv[1]); 45 validate_passwd(argv[2]); 46 47 return EXIT_SUCCESS; 48 } 13 / 19

Recommend

vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration

vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration

Security &amp; Knowledge Management a.a. 2019/20 There are a set of sources that provide updated information about security vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration CAPEC,

197 views • 8 slides
Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust Boundary Attacks Threats Application Attacker Exploit Vulnerability : a software defect with security consequences Threat : a potential danger to

1.54k views • 80 slides
Evaluation of Doses, Risks, Vulnerabilities, and Consequences for Population and Environment

Evaluation of Doses, Risks, Vulnerabilities, and Consequences for Population and Environment

Evaluation of Doses, Risks, Vulnerabilities, and Consequences for Population and Environment Employing GIS Analysis Alexander Mahura 1 , Alexander Baklanov 1 , Olga Rigina 2 , Jens Havsk v Sorensen 1 , Rony Bergman 3 , Vladislav Golikov 4 ,

460 views • 14 slides
What are the risks, vulnerabilities, and potential consequences associated with High Impact

What are the risks, vulnerabilities, and potential consequences associated with High Impact

What are the risks, vulnerabilities, and potential consequences associated with High Impact Low Frequency events? April 9, 2019 Joshua Rowe, PSP Compliance Auditor, Physical and Cyber Security About the Presenter Joshua Rowe, PSP WECC

741 views • 47 slides
Common Vulnerability Scoring System Engineering Secure Software Last Revised: November 13, 2020

Common Vulnerability Scoring System Engineering Secure Software Last Revised: November 13, 2020

Common Vulnerability Scoring System Engineering Secure Software Last Revised: November 13, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 How Bad is Bad? Weve seen many vulnerabilities Many of them can do catastrophic

541 views • 35 slides
Vulnerabilities in C/C++ programs Part I TDDC90 Software Security Ulf Kargn Department

Vulnerabilities in C/C++ programs Part I TDDC90 Software Security Ulf Kargn Department

Vulnerabilities in C/C++ programs Part I TDDC90 Software Security Ulf Kargn Department of Computer and Information Science (IDA) Division for Database and Information Techniques (ADIT) Vulnerabilities in C-based languages

633 views • 59 slides
Software Vulnerabilities in Programming Languages and Applications A presentation to Ada Europe

Software Vulnerabilities in Programming Languages and Applications A presentation to Ada Europe

Software Vulnerabilities in Programming Languages and Applications A presentation to Ada Europe 2010 Stephen Michell, Maurya Software, Ottawa, Canada Security There are people out there trying to attack every computer that we own. Most

503 views • 48 slides
WISTP 07 A comparative analysis of common threats, vulnerabilities, attacks and

WISTP 07 A comparative analysis of common threats, vulnerabilities, attacks and

WISTP 07 A comparative analysis of common threats, vulnerabilities, attacks and countermeasures within smart card and wireless sensor network node technologies. Kevin Eagles, Konstantinos Markantonakis and Keith Mayes Smart Card Centre,

337 views • 22 slides
Memory Corruption Vulnerabilities, Part I Gang Tan Penn State University Spring 2019 CMPSC

Memory Corruption Vulnerabilities, Part I Gang Tan Penn State University Spring 2019 CMPSC

Memory Corruption Vulnerabilities, Part I Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security Some Terminology Software error A programming mistake that make the software not meet its expectation Software

726 views • 59 slides
Boilerplate Clauses in Commercial Contracts: Avoiding Unintended Consequences Navigating Common

Boilerplate Clauses in Commercial Contracts: Avoiding Unintended Consequences Navigating Common

Presenting a live 90-minute webinar with interactive Q&amp;A Boilerplate Clauses in Commercial Contracts: Avoiding Unintended Consequences Navigating Common Pitfalls in Standard Contract Provisions and Implementing Practical Solutions Tuesday,

891 views • 85 slides
Should Cyber-Insurance Providers Invest in Software Security? Aron Laszka 1 and Jens Grossklags 2

Should Cyber-Insurance Providers Invest in Software Security? Aron Laszka 1 and Jens Grossklags 2

Should Cyber-Insurance Providers Invest in Software Security? Aron Laszka 1 and Jens Grossklags 2 1 University of California, Berkeley 2 Pennsylvania State University Software Vulnerabilities Most software products suffer from vulnerabilities

448 views • 22 slides
Rehabilitation Consequences of Road Collisions ine Carroll Evolution Evolution Evolution

Rehabilitation Consequences of Road Collisions ine Carroll Evolution Evolution Evolution

Rehabilitation Consequences of Road Collisions ine Carroll Evolution Evolution Evolution Exoskeleton Endoskeleton Soft and squishy! Lascaux Consequences Pedestrian RTCs Brain Spinal cord injury Common Clinical Patterns Upper Limbs

706 views • 54 slides
Buffer Software Security overflows and other memory safety vulnerabilities History

Buffer Software Security overflows and other memory safety vulnerabilities History

This time We will begin By investigating our 1st section: Buffer Software Security overflows and other memory safety vulnerabilities History Memory layouts Buffer overflow fundamentals Software security Security is a form

2.11k views • 190 slides
Exploiting Vulnerabilities in Media Software iSEC Partners https://www.isecpartners.com Agenda

Exploiting Vulnerabilities in Media Software iSEC Partners https://www.isecpartners.com Agenda

Exploiting Vulnerabilities in Media Software iSEC Partners https://www.isecpartners.com Agenda Introduction Why media software? Why bugs are still out there How we're going to bang them out Fuzzing techniques

470 views • 30 slides
Vulnerabilities in C/C++ programs Part II TDDC90 Software Security Ulf Kargn Department

Vulnerabilities in C/C++ programs Part II TDDC90 Software Security Ulf Kargn Department

Vulnerabilities in C/C++ programs Part II TDDC90 Software Security Ulf Kargn Department of Computer and Information Science (IDA) Division for Database and Information Techniques (ADIT) Integer overflows and sign errors Adding,

756 views • 42 slides
Defending against Memory Corruption Vulnerabilities and Advanced Attacks Gang Tan Penn State

Defending against Memory Corruption Vulnerabilities and Advanced Attacks Gang Tan Penn State

Defending against Memory Corruption Vulnerabilities and Advanced Attacks Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security * some slides adapted from those by Trent Jaeger Overflow Vulnerabilities Despite

901 views • 46 slides
Common Vulnerabilities on iOS Apps by ivan r QconSF @ivRodriguezCA @ivRodriguezCA DISCLAIMER

Common Vulnerabilities on iOS Apps by ivan r QconSF @ivRodriguezCA @ivRodriguezCA DISCLAIMER

Common Vulnerabilities on iOS Apps by ivan r QconSF @ivRodriguezCA @ivRodriguezCA DISCLAIMER the views and opinions expressed on this talk are solely my own and do not reflect the views or opinions of my employer. @ivRodriguezCA

1.18k views • 82 slides
Automated Discovery of Cross - Plane Event - Based Vulnerabilities in Software - Defined Networking

Automated Discovery of Cross - Plane Event - Based Vulnerabilities in Software - Defined Networking

Automated Discovery of Cross - Plane Event - Based Vulnerabilities in Software - Defined Networking Benjamin E. Ujcich 1 , Samuel Jero 2 , Richard Skowyra 2 , Steven R. Gomez 2 , Adam Bates 1 , William H. Sanders 1 , and Hamed Okhravi 2 1 University

605 views • 46 slides
Detection of Software Vulnerabilities: Static Analysis (Part I) Lucas Cordeiro Department of

Detection of Software Vulnerabilities: Static Analysis (Part I) Lucas Cordeiro Department of

Systems and Software Verification Laboratory Detection of Software Vulnerabilities: Static Analysis (Part I) Lucas Cordeiro Department of Computer Science lucas.cordeiro@manchester.ac.uk Static Analysis Lucas Cordeiro (Formal Methods

1.9k views • 188 slides
Detection of Software Vulnerabilities: Dynamic Analysis Lucas Cordeiro Department of Computer

Detection of Software Vulnerabilities: Dynamic Analysis Lucas Cordeiro Department of Computer

Systems and Software Verification Laboratory Detection of Software Vulnerabilities: Dynamic Analysis Lucas Cordeiro Department of Computer Science lucas.cordeiro@manchester.ac.uk Dynamic Analysis Lucas Cordeiro (Formal Methods Group)

2.04k views • 187 slides
Software Security (II): Other types of software vulnerabilities Dawn Song 1 Dawn Song 3 #293

Software Security (II): Other types of software vulnerabilities Dawn Song 1 Dawn Song 3 #293

Computer Security Course. Dawn Computer Security Course. Dawn Song Song Software Security (II): Other types of software vulnerabilities Dawn Song 1 Dawn Song 3 #293 HRE-THR 850 1930 ALICE SMITH COACH SPECIAL INSTRUX: NONE Dawn Song

804 views • 61 slides
Wh What t abou out t th the e sof oftw twar are? e? How many security vulnerabilities

Wh What t abou out t th the e sof oftw twar are? e? How many security vulnerabilities

Wh What t abou out t th the e sof oftw twar are? e? How many security vulnerabilities are there in the software implementing all this smart grid functionality and the underlying protocols? Erik Poll Radboud University Nijmegen Moti

351 views • 33 slides
Design and Implementation of an object- oriented, secure TCP/IP Stack Hannes Mehnert, Andreas

Design and Implementation of an object- oriented, secure TCP/IP Stack Hannes Mehnert, Andreas

Design and Implementation of an object- oriented, secure TCP/IP Stack Hannes Mehnert, Andreas Bogk 23c3 27. December 2006 Overview Common software vulnerabilities Dylan Architecture of IP-Stack CVE sorted by bug class Software

447 views • 44 slides
Buffer Software Security overflows and other memory safety vulnerabilities History

Buffer Software Security overflows and other memory safety vulnerabilities History

This time We will begin By investigating our 1st section: Buffer Software Security overflows and other memory safety vulnerabilities History Memory layouts Buffer overflow fundamentals Analyzing security Security

1.41k views • 107 slides

More recommend