ITC Security Threat of the Week – Week 6: Buffer overflows


Risks

Buffer overflows account for a large share of IT security threats and often result in the target host being compromised. This applies to almost every Cisco device, or to devices from any other vendor of your choice. An attacker would normally be able to execute their own code with the privileges of the vulnerable software and even escalate them. This situation has remained the same for some time now, even though some hardware-based countermeasures were introduced many years ago.

Please see the article below, which explains buffer overflows nicely:
http://bot24.blogspot.co.uk/2012/10/bufferstack-overflow-explained-nicely.html

Whilst suitable defences have been known for a couple of decades, the very large existing base of vulnerable software and systems hinders their deployment.

What is Buffer Overflow?

  • Allows more data to be stored than the capacity available in a fixed-size buffer
  • Buffer can be on the stack, on the heap or in global data
  • Overwriting adjacent memory locations
  • Corruption of program data
  • Unexpected transfer of control
  • Memory access violation
  • Execution of code chosen by attacker
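The first four points can be seen in a few lines of C. The following is an added example, not code from the linked article: the `record` struct, its `is_admin` field and the input string are constructed for illustration, and the unchecked copy is clamped to the size of the struct so the demonstration itself stays inside one object.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: a fixed-size buffer with program data right after it. */
struct record {
    char name[8];
    int  is_admin;
};

/* Models an unchecked copy: the length comes from the input, not from the
 * buffer. Writes go through a pointer to the whole struct and are clamped to
 * sizeof(struct record), so the demo never leaves this one object. */
static void unchecked_copy(struct record *r, const char *src, size_t len) {
    if (len > sizeof *r) len = sizeof *r;
    memcpy((unsigned char *)r, src, len);
}

/* Hardened form: reject input that does not fit name[] plus its NUL. */
static int checked_copy(struct record *r, const char *src, size_t len) {
    if (len >= sizeof r->name) return -1;
    memcpy(r->name, src, len);
    r->name[len] = '\0';
    return 0;
}

/* Returns the adjacent field after the unchecked copy. */
int demo_unchecked(void) {
    struct record r = { "", 0 };
    const char input[] = "AAAAAAAAAAAA";  /* constructed: 12 bytes, buffer holds 8 */
    unchecked_copy(&r, input, strlen(input));
    return r.is_admin;                    /* overwritten by the last 4 bytes */
}

/* Returns 1 when the oversized input is rejected and the field is intact. */
int demo_checked(void) {
    struct record r = { "", 0 };
    const char input[] = "AAAAAAAAAAAA";
    int rc = checked_copy(&r, input, strlen(input));
    return rc == -1 && r.is_admin == 0;
}

int main(void) {
    printf("unchecked: is_admin = 0x%x\n", (unsigned)demo_unchecked());
    printf("checked:   rejected, field intact = %d\n", demo_checked());
    return 0;
}
```

The fix is the length check against the destination's own size; the data that was corrupted never appears in the copying code at all, which is why such bugs are easy to miss in review.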

Root cause

The root cause here is a design flaw: the systems (BIOS, CPU, OS, middleware) were originally designed without sufficient consideration for potential security issues, as it was hard (and expensive) enough to make it all work in the first place. As a result, it was possible to find a way to treat data passed to a program as code, which can be and frequently is malicious.

The current situation is similar to the way IPv6 is being adopted (RFC 2460 was published in Dec 1998): the process is taking many years, even though IPv6 was designed to make it easier.

Conclusion

The conclusion is that software will remain vulnerable (often critically vulnerable) for quite some time, because it's just too expensive and time-consuming to fix it. It's therefore vital for businesses to have some security systems in place.

ITC Secure Networking

The vulnerabilities described in this article are another example of the IT security risks that make SIEM solutions, intrusion prevention systems and next-generation firewalls a must-have in today's computing world.
ITC offer a selection of vulnerability management solutions that can help you and your organization to detect and mitigate possible buffer overflows.

  • Palo Alto Threat Prevention
  • HP ArcSight SIEM
  • Cisco and Checkpoint IPS
  • QualysGuard Vulnerability Scanner

To learn more about ITC Secure Networking and the services we offer, please visit our website: www.itcsecurity.com.

Author: Kevin Whelan
