CAPEC-100: Overflow Buffers



Typical_Severity: Very High



Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirecting execution as the adversary chooses.


ChildOf: CAPEC-123 | Buffer Manipulation

ParentOf: CAPEC-10 | Buffer Overflow via Environment Variables

ParentOf: CAPEC-14 | Client-side Injection-induced Buffer Overflow

ParentOf: CAPEC-24 | Filter Failure through Buffer Overflow

ParentOf: CAPEC-256 | SOAP Array Overflow

ParentOf: CAPEC-42 | MIME Conversion

ParentOf: CAPEC-44 | Overflow Binary Resource File

ParentOf: CAPEC-45 | Buffer Overflow via Symbolic Links

ParentOf: CAPEC-46 | Overflow Variables and Tags

ParentOf: CAPEC-47 | Buffer Overflow via Parameter Expansion

ParentOf: CAPEC-67 | String Format Overflow in syslog()

ParentOf: CAPEC-8 | Buffer Overflow in an API Call

ParentOf: CAPEC-9 | Buffer Overflow in Local Command-Line Utilities

Execution Flow Attack Step

Step 1 Explore

The adversary identifies a buffer to target. Buffer regions are allotted either on the stack or on the heap, and the exact nature of the attack varies with the location of the buffer.

Step 2 Explore

Next, the adversary identifies an injection vector to deliver the excessive content to the targeted buffer.

Step 3 Experiment

The adversary crafts the content to be injected. If the intent is simply to cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary will craft content that not only overflows the targeted buffer but does so in such a way that the overwritten return address is replaced with one of the adversary's choosing, which points to code injected by the adversary.

Step 4 Exploit

The adversary injects the content into the targeted software.

Step 5 Exploit

Upon successful exploitation, the system either crashes or control of the program is returned to a location of the adversary's choice. This can result in execution of arbitrary code or escalated privileges, depending upon the exploited target.


Targeted software performs buffer operations.

Targeted software inadequately performs bounds-checking on buffer operations.

Adversary has the capability to influence the input to buffer operations.


Level Low

In most cases, overflowing a buffer does not require advanced skills beyond the ability to notice an overflow and stuff an input variable with content.

Level High

In cases of directed overflows, where the motive is to divert the flow of the program or application as the adversary wishes, high-level skills are required. This may involve detailed knowledge of the target system architecture and kernel.


None: No specialized resources are required to execute this type of attack. Detecting and exploiting a buffer overflow does not require any resources beyond knowledge of and access to the target system.


Scope | Impact | Likelihood
Availability | Unreliable Execution |
Confidentiality, Integrity, Availability | Execute Unauthorized Commands |
Confidentiality, Access Control, Authorization | Gain Privileges |


Use a language or compiler that performs automatic bounds checking.

Use secure functions not vulnerable to buffer overflow.

If you have to use dangerous functions, make sure that you do boundary checking.

Use compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.

Use OS-level preventative functionality. Not a complete solution.

Utilize static source code analysis tools to identify potential buffer overflow weaknesses in the software.


The most straightforward example is an application that reads in input from the user and stores it in an internal buffer but does not check that the size of the input data is less than or equal to the size of the buffer. If the user enters data of excessive length, the buffer may overflow, leading to the application crashing or, worse, enabling the user to cause execution of injected code.
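The missing check in this first example, and the boundary-checking mitigation listed earlier, shown as an added C example that is not part of the CAPEC entry: the unchecked copy beside a bounds-checked one, extended to a length-prefixed field where the length is itself input. `FIELD_SIZE`, the function names and the one-byte length prefix are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define FIELD_SIZE 16   /* assumed size of the application's internal buffer */

/* Pattern described in the example: the amount copied is decided by the
 * input alone. Kept for contrast; nothing in this file calls it. */
void store_unchecked(char dst[FIELD_SIZE], const char *input) {
    strcpy(dst, input);  /* writes past dst once strlen(input) >= FIELD_SIZE */
}

/* Bounds-checked string copy. Returns 0 on success, -1 if the input does
 * not fit; oversized input is rejected rather than silently truncated. */
int store_checked(char *dst, size_t dst_size, const char *input) {
    if (!dst || dst_size == 0 || !input) return -1;
    /* memchr stops at the first NUL and never looks past dst_size bytes. */
    const char *nul = memchr(input, '\0', dst_size);
    if (!nul) { dst[0] = '\0'; return -1; }
    memcpy(dst, input, (size_t)(nul - input) + 1);  /* copy includes the NUL */
    return 0;
}

/* Same rule for a length-prefixed field (one length byte, then data): the
 * declared length is checked against what was actually received and against
 * the destination before any byte is copied. Returns bytes copied or -1. */
int store_field(char *dst, size_t dst_size,
                const unsigned char *msg, size_t msg_len) {
    if (!dst || dst_size == 0 || !msg || msg_len < 1) return -1;
    size_t declared = msg[0];
    if (declared > msg_len - 1) return -1;  /* claims more data than was sent */
    if (declared >= dst_size) return -1;    /* would not fit with its NUL */
    memcpy(dst, msg + 1, declared);
    dst[declared] = '\0';
    return (int)declared;
}
```

Both checked functions take the destination size as a parameter, so the bound travels with the buffer instead of being assumed at each call site.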

Many web servers enforce security in web applications through the use of filter plugins. An example is the SiteMinder plugin used for authentication. An overflow in such a plugin, possibly through a long URL or redirect parameter, can allow an adversary not only to bypass the security checks but also execute arbitrary code on the target web server in the context of the user that runs the web server process.


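120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

119 | Improper Restriction of Operations within the Bounds of a Memory Buffer

131 | Incorrect Calculation of Buffer Size

129 | Improper Validation of Array Index

805 | Buffer Access with Incorrect Length Value

19 | Data Processing Errors

680 | Integer Overflow to Buffer Overflow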



2014-06-23 | CAPEC Content Team | The MITRE Corporation


2017-01-09 | CAPEC Content Team | The MITRE Corporation

Updated Related_Attack_Patterns

2017-08-04 | CAPEC Content Team | The MITRE Corporation

Updated Attack_Phases, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, Indicators-Warnings_of_Attack, Probing_Techniques, Related_Vulnerabilities, Resources_Required