
University of the People

CS 3340-01 Systems and Application Security - AY2023-T4

Written Assignment Unit 5


Buffer overflow, or buffer overrun, means writing data beyond the buffer size. In other words, the volume of data being written exceeds the storage capacity of the memory buffer. A buffer is a temporary memory storage region where data is held for faster processing as it moves from one part of the system to another. Vulnerable code attempts to write beyond the allotted memory size, thereby compromising the adjacent memory that holds other data, since the exploited vulnerability can successfully write past the buffer's boundary.

A buffer overflow attack attempts to exploit this vulnerability by writing past the buffer, thereby changing the execution path of the program, which may result in overwriting data in the adjacent data layout and gaining unauthorized access (Imperva, n.d.). Buffer overflow attacks are classified based on the memory region exploited. Stack overflow, which uses stack memory while a local function is being executed, and heap overflow, the harder to exploit, are two of the most common. Others are integer overflow attacks, where the integers produced are larger than the integer size, and Unicode overflow attacks, where Unicode characters are larger than the allocated size (Sari, 2023).

Buffer overflow is a software coding error or vulnerability, which makes it a serious threat and one of the best-known software security vulnerabilities, and it remains fairly common. The threat severity stems from the fact that it can occur in various ways using various techniques. Likewise, these vulnerabilities are common in popular programming languages, such as C/C++, that do not have built-in buffer overflow protection or safeguards against overwriting or accessing data in their memory. The most popular operating systems (Mac OSX, Windows, and Linux) all use code written in these languages. Exploitation of vulnerable code across all computers using any of these operating systems would make the impact widespread and could be catastrophic.

Data from recent trends shows that buffer overflow vulnerabilities dominate the area of remote network penetration vulnerabilities, where anonymous users seek to gain partial or total control of a host. This is also supported by the list of recent attacks summarized below. Buffer overflows account for over 10,000 of the known software vulnerabilities, 23% of which are considered severe. In addition, the attack vector comes across the network, the attack complexity is low, no special privilege or user interaction is required for the attack to be successful, and no workaround currently exists to prevent the attack from occurring. Effective elimination of buffer overflow vulnerabilities would eliminate a very large portion of the most serious security threats. In 2022, the top 10 security vulnerabilities with severe impacts were mostly critical vulnerabilities that allow for remote code execution on systems. The top 5 are Log4Shell (CVE-2021-44228), Follina (CVE-2022-30190), Spring4Shell (CVE-2022-22965), Google Chrome Zero-Day (CVE-2022-0609) and F5 BIG-IP (CVE-2022-1388) (Brandefense, 2023).

A recent buffer overflow attack involved the vulnerability detected in the ping module of the FreeBSD operating system, assigned the identifier CVE-2022-23093, which could trigger remote code execution. The ping module reads raw IP packets with no consideration for the possible presence of IP option headers, which could overflow the buffer by up to 40 bytes. Successful exploitation of the vulnerability could enable an unprivileged actor to obtain the highest permissions on the vulnerable host and execute arbitrary code.
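
The class of bug described above, as an added illustration that is not FreeBSD's ping source: a destination sized for the fixed 20-byte IPv4 header, a copy length taken from the packet's own IHL field, and a hardened copy that validates that length first. The function names, buffer sizes and sample packets are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP_MIN_HDR 20u /* fixed IPv4 header without options */
#define IP_MAX_HDR 60u /* IHL is 4 bits: 15 words * 4 = 60, so up to 40 option bytes */

/* Header length in bytes as declared by the packet's own IHL field. */
size_t ip_declared_hdr_len(const uint8_t *pkt) { return (size_t)(pkt[0] & 0x0f) * 4u; }

/* Unsafe pattern, shown for contrast and never called: dst holds IP_MIN_HDR
 * bytes, but the copy length comes from the packet, so options overrun dst. */
void copy_hdr_unchecked(uint8_t *dst, const uint8_t *pkt)
{
    memcpy(dst, pkt, ip_declared_hdr_len(pkt));
}

/* Hardened copy: returns the header length copied, or -1 if the packet is
 * malformed or its header (with options) does not fit in dst. */
int copy_hdr_checked(uint8_t *dst, size_t dst_cap, const uint8_t *pkt, size_t pkt_len)
{
    if (pkt_len < IP_MIN_HDR || (pkt[0] >> 4) != 4)
        return -1;                       /* too short, or not IPv4 */
    size_t hlen = ip_declared_hdr_len(pkt);
    if (hlen < IP_MIN_HDR || hlen > pkt_len)
        return -1;                       /* IHL below minimum or past the data */
    if (hlen > dst_cap)
        return -1;                       /* options would overflow the buffer */
    memcpy(dst, pkt, hlen);
    return (int)hlen;
}

/* Constructed sample: zeroed 60-byte buffer with version 4 and the given IHL. */
void make_sample(uint8_t pkt[IP_MAX_HDR], uint8_t ihl_words)
{
    memset(pkt, 0, IP_MAX_HDR);
    pkt[0] = (uint8_t)(0x40 | (ihl_words & 0x0f));
}

int main(void)
{
    uint8_t pkt[IP_MAX_HDR], hdr[IP_MIN_HDR];
    make_sample(pkt, 5);   /* no options */
    printf("ihl=5  -> %d\n", copy_hdr_checked(hdr, sizeof hdr, pkt, sizeof pkt));
    make_sample(pkt, 15);  /* 40 bytes of options */
    printf("ihl=15 -> %d\n", copy_hdr_checked(hdr, sizeof hdr, pkt, sizeof pkt));
    return 0;
}
```

The 40-byte figure is the gap between the largest header an IHL value can declare (60 bytes) and the fixed header (20 bytes).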

Similar to the ping module vulnerability are the high-impact security vulnerabilities disclosed in APC Smart-UPS devices, which could be abused by remote adversaries as a physical weapon to access and control them in an unauthorized manner (Lakshmanan, 2022). This vulnerability allows complete remote access to the device. Considering that these devices are deployed as the emergency backup for mission-critical infrastructure, the impact of a complete takeover can be dire.

Lastly in the list of recent buffer overflow attacks were the high-severity flaws in the widely used cryptography library, which could result in denial of service (DoS) and remote code execution. The severity of this vulnerability is based on the fact that the library is an open-source implementation of the SSL and TLS protocols used for secure communication in operating systems and several applications. The vulnerability requires a malformed certificate that is trusted or signed by a naming authority. In other words, a CA would have to have signed a malicious certificate, or the application would have to continue certificate verification despite failure to construct a path to a trusted issuer.

In conclusion, given that the 10 critical vulnerabilities of 2022 are related to remote code execution on systems, which is also supported by the recent buffer overflow attacks examined, where 2 of the 3 result in remote code execution, the severity of the overflow cannot be overemphasized. As more code gets written, with an estimated 15 to 50 bugs for every 1,000 lines of source code and an estimated 93 billion new lines of code being written every year, this attack is becoming more prevalent because the majority of applications are written in C and C++, both of which have no built-in protection against accessing or overwriting data anywhere in memory. The consequence of a sample attack was rightly described by SentinelOne as follows: "OpenSSL vulnerability, which is so widely in use and so fundamental to the security of data on the internet, is one that no organization can afford to overlook" (Lakshmanan, 2022). Also, the spread of the exploitation is unlikely since it is a well-known application vulnerability. Buffer overflow vulnerabilities can be mitigated by performing input validation, enabling runtime memory protection, avoiding known vulnerable functions, and using memory-safe languages.

References

Brandefense. (2023). Vulnerability and Malware Trends of 2022. https://brandefense.io/blog/vulnerability-and-malware-trends-of-2022/

Imperva. (n.d.). Buffer Overflow Attack. https://www.imperva.com/learn/application-security/buffer-overflow/

Lakshmanan, R. (2022). OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities. https://thehackernews.com/2022/11/just-in-openssl-releases-patch-for-2.html

Lakshmanan, R. (2022). Critical Ping Vulnerability Allows Remote Attackers to Take Over

Sari, S. (2023). Buffer Overflow Attacks. https://www.baeldung.com/cs/buffer-overflow
