Your organization’s app has been found to have a stack overflow vulnerability. Search the NVD to make a list of actions you will take immediately and over time to mitigate and prevent such occurrences in the future. Describe at least three design and project management measures.
A stack overflow, as the name suggests, is a type of vulnerability related to data overflow. When data is entered into a data structure and the data is larger than the capacity of that structure, it overflows into adjacent memory locations, which might cause the application to crash. It is one form of denial of service (DoS) attack. This is one of the oldest vulnerabilities, and it is common in languages like C or C++, which use pointers.
A stack is a basic data structure in which data is stored in last-in, first-out fashion. The push operation inserts data at the top of the stack, and the pop operation removes the item from the top of the stack. The stack segment is used as temporary storage for a function's local variables when the function is called. Stack overflow is concerned with this stack segment. In the x86 architecture, the stack grows from high memory addresses to low memory addresses.
Attackers exploit this issue by overwriting the application's memory. That later changes the execution path and triggers responses that might damage files or expose private information. We can detect buffer overflows if we pay attention to where stacks are being used or accessed, and to the functionality where the application takes input from the user or some other source. If we are able to detect a stack-based overflow, there are possibilities of preventing it.
An attacker can act in various ways:
• Intentionally feed input that the buffer cannot store and overwrite areas that hold executable code, replacing it with their own malicious code.
• Change the execution path of a program to trigger a response that may expose private information.
• Introduce extra code to gain access to IT systems.
• Overwrite a pointer to gain control over the program.
To prevent stack overflow:
One can protect against stack overflow vulnerabilities by taking security measures in the code, or by using a different programming language that offers some built-in protection to the application. That is not always advisable; in such cases we can use secure practices for handling memory. Defense methods are provided by operating systems in the form of ASLR, non-executable stacks, DEP, and other structures. There are three common protection methods that can be used:
Data execution prevention:
This method flags certain areas of memory as executable or non-executable, which stops an attack from running code in a non-executable region.
Address space randomization:
ASR randomly moves around the address space locations of the data region. Overflow attacks need to know the location of the code being executed, and randomizing the address space makes that impossible to find.
Structured exception handler overwrite protection:
This method helps stop malicious code from attacking structured exception handling, a built-in system that manages hardware and software exceptions. That is how it prevents the attacker from making use of the structured exception handler overwrite exploitation technique.
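The in-code measure mentioned under "To prevent stack overflow", shown as an added example that is not part of the original answer: an unchecked copy into a fixed-size stack buffer next to a version that checks the input length first. The function names, the 16-byte buffer size and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_SIZE 16 /* constructed buffer size for this example */

/* Vulnerable pattern: strcpy() copies until the NUL terminator and never
 * checks the destination size, so any input of NAME_SIZE or more characters
 * writes past name[] into adjacent stack memory. */
size_t name_length_unsafe(const char *input)
{
    char name[NAME_SIZE];
    strcpy(name, input);
    return strlen(name);
}

/* Hardened form: measure the input against the destination first and reject
 * it when it does not fit. Returns the copied length, or -1 on rejection. */
int copy_name_checked(char *dst, size_t dst_size, const char *input)
{
    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0'; /* leave a valid empty string on every failure path */
    if (input == NULL)
        return -1;
    size_t len = 0;
    while (len < dst_size && input[len] != '\0') /* bounded length scan */
        len++;
    if (len == dst_size)
        return -1; /* input plus its terminator does not fit in dst */
    memcpy(dst, input, len + 1); /* len + 1 <= dst_size, includes the NUL */
    return (int)len;
}

int main(void)
{
    char name[NAME_SIZE];
    /* constructed inputs: one that fits, one that is too long */
    const char *samples[] = { "alice", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = copy_name_checked(name, sizeof name, samples[i]);
        printf("%zu input bytes -> %s\n", strlen(samples[i]),
               n < 0 ? "rejected" : "stored");
    }
    return 0;
}
```

Rejecting oversized input, rather than silently truncating it, keeps the failure visible to the caller so it can be logged and handled.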