Buffer overflow x monkeyuser.com


Everyone enjoys their coffee hot… as long as the amount of coffee fits into the cup. The exact moment it overflows the edge, it turns into a malicious liquid that makes a mess all over the kitchen, and you are not exactly in a cleaning mood.

When it comes to computers, it is exactly the same. We want our data to stay in the place it is supposed to be, with the length we intended, not spilling over into adjacent memory and producing unexpected results.

 

 

Don’t let anyone make a fool out of you, not only on April Fools’ Day.

 

Make sure that the applications you create are secure. Download our free Mobile Application Security Guide.

Read more and check our tips.

 

Let’s start with a brief history lesson and take a look at the Morris worm (1988), one of the first of its kind. One of its propagation routes was a stack buffer overflow in the BSD finger daemon (fingerd), a service used to exchange information about computer systems and their users: fingerd read the incoming request with the unbounded gets() call into a fixed 512-byte buffer, so a longer request simply overwrote what lay behind it on the stack, return address included. The incident took down an estimated 10% of the machines connected to the Internet at the time. Well, except Finland, which was not connected to the Internet back then.

Another famous worm, SQL Slammer, comes from January 2003. It exploited a stack buffer overflow in the resolution service of Microsoft SQL Server 2000 and the Desktop Engine (MSDE 2000), reported by a researcher (David Litchfield) six months earlier and patched by Microsoft in the same month. The whole worm fit into a single UDP packet to port 1434, so it needed no connection handshake and spread as fast as the network could carry it: even though the patch had been available for half a year, many institutions had not applied it, and roughly 75,000 hosts were infected within about ten minutes.

Heartbleed (2014) is also an interesting case. It is not exactly a buffer overflow but a so-called buffer over-read: the program reads past the end of a buffer. OpenSSL’s TLS heartbeat handler trusted the length field of the incoming heartbeat request and echoed back that many bytes from memory, regardless of how much data had actually been sent, so a client could pull up to 64 KB of the server process memory per request: session cookies, POST request bodies of other users and, in the worst case, the server’s private key. Curious? Check out Computerphile.

And what about an integer overflow? Imagine an odometer with all digits set to 9. What happens after one more kilometer? That’s right, it rolls over to all zeros! Unsigned arithmetic in C behaves exactly like that: 0xFFFFFFFF plus one is zero again (signed overflow is worse, because it is undefined behaviour and the compiler is allowed to assume it never happens). The usual way this turns into memory corruption is a length check of the form "if len + header_size is larger than the buffer, reject": a huge attacker-controlled len makes the sum wrap to a small number, the check passes, and the copy that follows trusts it. Anyway, if you’re interested in a real-case scenario, we recommend this.

Also, have you heard about the Axis Communications security cameras and Devil’s Ivy (CVE-2017-9765)? A stack overflow caused by an integer overflow in gSOAP, a third-party SOAP/XML library, led to remote code execution. Once exploited, it allowed an attacker to access the video feed, which is definitely not something we expect from a security camera. And since gSOAP is embedded in countless other devices, the same bug was never limited to a single vendor.

Stay alert not only on April Fools’ Day:

  • If your program is written in a memory-safe language whose runtime bounds-checks every array access, such as Java, .NET or Python, you probably won’t have problems with classic buffer overflows. There are exceptions (native extensions, JNI or ctypes code, unsafe blocks, and bugs in the runtime itself), but usually you don’t have to worry about them.
  • Otherwise, use functions that take the size of the destination and check it: fgets instead of gets (the Morris worm exploited the unbounded gets call in fingerd), snprintf instead of sprintf, and bounded copies where the size you pass is the size of the destination, not of the source. Reject input that does not fit rather than truncating it silently.
  • Turn on compiler and platform mitigations such as stack canaries (-fstack-protector-strong), non-executable stacks and ASLR. They make exploitation harder and crash the process instead of letting it run attacker code, but they do not remove the bug.
  • Always validate the input, its length included!
  • Have your application professionally penetration tested so that memory-corruption and overflow attack vectors are found before an attacker finds them.
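To make the checklist concrete, here is an added example in C (not code from the original post, from SecuRing or from monkeyuser.com). It puts the unbounded gets()/strcpy() pattern from the fingerd story next to a bounded copy that rejects over-long input, shows how to read lines with fgets while still catching lines that did not fit, and carries the odometer analogy into a 32-bit length check that wraps. NAME_MAX, FRAME_MAX, HDR_LEN, the function names and the input strings are all constructed for this illustration and not taken from any real program.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX  16    /* hypothetical fixed-size field, like fingerd's request buffer */
#define FRAME_MAX 4096  /* hypothetical largest frame a parser is willing to accept      */
#define HDR_LEN   16    /* hypothetical fixed header that precedes the payload           */

/* VULNERABLE: copies whatever arrives into a 16-byte stack buffer. A username of
 * 16 characters or more overruns 'name' and whatever the compiler placed behind it
 * (saved registers, the return address). This is the gets()/strcpy() shape the
 * Morris worm abused. Kept only for comparison; never call it with untrusted input. */
void greet_unbounded(const char *username) {
    char name[NAME_MAX];
    strcpy(name, username);             /* no bounds check at all */
    printf("hello %s\n", name);
}

/* HARDENED: refuse input that does not fit instead of truncating or overflowing.
 * Returns 0 on success, -1 if src plus its NUL terminator is longer than dstsz. */
int copy_name_checked(char *dst, size_t dstsz, const char *src) {
    size_t n = 0;
    while (n < dstsz && src[n] != '\0')  /* never scan further than the destination size */
        n++;
    if (n >= dstsz)                      /* n == dstsz leaves no room for the terminator */
        return -1;
    memcpy(dst, src, n + 1);             /* n + 1 <= dstsz, so this cannot overrun */
    return 0;
}

int greet_checked(const char *username) {
    char name[NAME_MAX];
    if (copy_name_checked(name, sizeof name, username) != 0)
        return -1;                       /* reject rather than overflow */
    printf("hello %s\n", name);
    return 0;
}

/* Line input with fgets() is bounded by construction. The extra work is noticing a
 * line that did not fit, so its remainder is not silently parsed as the next line.
 * Returns 0 for a complete line, -2 for an overlong line (rest discarded), -1 at EOF. */
int read_line_checked(FILE *fp, char *buf, size_t bufsz) {
    if (fgets(buf, (int)bufsz, fp) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 0;
    }
    if (feof(fp))                        /* final line without a trailing newline */
        return 0;
    int c;
    while ((c = fgetc(fp)) != EOF && c != '\n') {}   /* drain the rest of the long line */
    return -2;
}

/* Runs read_line_checked() over constructed input (a short line, an overlong line,
 * a last line with no newline) through an 8-byte buffer. Returns 1 if every call
 * matched the contract above, 0 otherwise. tmpfile() keeps it self-contained. */
int read_line_demo(void) {
    FILE *fp = tmpfile();
    if (fp == NULL) return 0;
    fputs("short\nthis line is far too long for the buffer\nend", fp);
    rewind(fp);
    char buf[8];
    int ok = 1;
    ok &= (read_line_checked(fp, buf, sizeof buf) == 0 && strcmp(buf, "short") == 0);
    ok &= (read_line_checked(fp, buf, sizeof buf) == -2);
    ok &= (read_line_checked(fp, buf, sizeof buf) == 0 && strcmp(buf, "end") == 0);
    ok &= (read_line_checked(fp, buf, sizeof buf) == -1);
    fclose(fp);
    return ok;
}

/* The odometer in 32 bits. VULNERABLE: for payload_len = 0xFFFFFFF8 the sum
 * 0xFFFFFFF8 + 16 wraps to 8, the comparison passes, and a copy that trusts it
 * would write about 4 GB past the end of the frame buffer. */
bool frame_fits_unchecked(uint32_t payload_len) {
    return payload_len + HDR_LEN <= FRAME_MAX;
}

/* HARDENED: prove the addition cannot wrap before using its result. */
bool frame_fits_checked(uint32_t payload_len) {
    if (payload_len > UINT32_MAX - HDR_LEN)   /* the sum would wrap */
        return false;
    return payload_len + HDR_LEN <= FRAME_MAX;
}

int main(void) {
    greet_checked("alice");
    printf("overlong name rejected: %d\n", greet_checked("this-name-is-longer-than-fifteen-characters"));
    printf("wrapped check says fits: %d, checked version says fits: %d\n",
           frame_fits_unchecked(0xFFFFFFF8u), frame_fits_checked(0xFFFFFFF8u));
    printf("fgets demo behaved as expected: %d\n", read_line_demo());
    return 0;
}
```

Build it with gcc -Wall -o overflow overflow.c and run it. greet_unbounded is deliberately never called with the long name, because doing so is exactly the crash this page is about. Note that the hardened copy returns an error instead of truncating: truncation keeps the program alive but quietly changes the data, which in a username, a path or a length field is a bug of its own.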

 

As you can see, this problem is pretty simple to prevent. If your espresso cup holds only 30 ml, don’t trust the coffee machine settings: check it! Or else you may end up with coffee on your shoes…

Remember – input validation is the first line of defence, not only against buffer overflows.

 

 


The comics were created in collaboration with monkeyuser.com
