Summary of Security Vulnerabilities for Assignment

Provided by: StanfordU5

Transcript and Presenter's Notes

1
Summary of Security Vulnerabilities for Assignment 1
2
Summary of Results
  • Not surprisingly, most submissions were buffer
    overruns: 19 out of 24
  • Pretty much all overruns overwrite the return address
    on the stack
  • Most people concentrated on the overrun itself,
    not the possibility of injecting the code
  • It is not always clear whether it is possible to
    exploit the potential overruns
  • Several other types of problems

3
Buffer Overruns: Simple
  • Many are relatively easy to detect, such as
    dataflow from user-supplied strings into a fixed
    buffer via insecure calls: sprintf, strcpy, etc.

4
Some More Complicated Ones
5
Buffer overruns (continued)
  • This code is from mutt, a Unix email client
  • s points to the MIME subtype of a message
  • A very long first word in the header can cause a
    buffer overflow to occur
  • Some sort of size checking is necessary

6
Other Types of Bugs
7
Ideas for Final Report
  • These programs provide a base to test your
    approaches on
  • If you want to propose a new technique, you can
    apply it to these examples by hand
  • See http://suif.stanford.edu/cgi-bin/wk?CS343
  • How many of the bugs is it going to detect?

8
Lightweight Tools
  • Can propose improvements to some of the
    techniques discussed in class
  • Keep in mind that there is a class of bugs that
    are actually quite easy to detect. For instance,
    pscan, available from
    http://www.striker.ottawa.on.ca/aland/pscan/, is very small
    (several hundred lines) and is capable of detecting a large
    percentage of format string bugs
  • It detects both format string violations in
    Posadis
  • However, it's intraprocedural and isn't capable
    of detecting harder stuff like the format
    string violations in muh
  • CQual, a tool for adding type qualifiers to C,
    works for format strings; publicly available at
    http://www.cs.berkeley.edu/jfoster/cqual/
  • Similar lexical tools could be created for other
    types of problems, such as potentially incorrect
    use of string manipulation routines
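
The kind of lexical check described on this slide, as an added example (not pscan's code and not from the original presentation): it reports printf-family calls whose format argument is not a string literal, and shows why a call through a wrapper goes unreported. The function table, the `scan` and `split_args` names and the sample C source are assumptions of the example.

```python
import re

# Index of the format argument per function (this example's assumption, not pscan's table).
FORMAT_ARG = {"printf": 0, "fprintf": 1, "sprintf": 1, "snprintf": 2, "syslog": 1}
CALL = re.compile(r"\b(%s)\s*\(" % "|".join(FORMAT_ARG))

def split_args(src, i):
    """Split a C argument list starting just after its opening parenthesis."""
    args, cur, depth, in_str = [], "", 0, False
    while i < len(src):
        c = src[i]
        if in_str:
            cur += c
            if c == "\\" and i + 1 < len(src):   # copy the escaped character too
                i += 1
                cur += src[i]
            elif c == '"':
                in_str = False
        elif c == ")" and depth == 0:            # end of this call
            return args + [cur.strip()]
        elif c == "," and depth == 0:            # top-level argument separator
            args.append(cur.strip())
            cur = ""
        else:
            in_str = c == '"'
            depth += (c == "(") - (c == ")")
            cur += c
        i += 1
    return args                                  # unterminated call: partial list

def scan(src):
    """Return (line, function, expr) for each format argument that is not a literal."""
    findings = []
    for m in CALL.finditer(src):
        args = split_args(src, m.end())
        pos = FORMAT_ARG[m.group(1)]
        if pos < len(args) and not args[pos].startswith('"'):
            findings.append((src.count("\n", 0, m.start()) + 1, m.group(1), args[pos]))
    return findings

# Constructed sample input, not taken from Posadis, muh or mutt.
SAMPLE = r'''
void log_msg(const char *fmt) { printf(fmt); }   /* reported: non-literal format */
void handle(char *user, char *buf) {
    printf("hello, %s\n", user);     /* literal format: not reported */
    fprintf(stderr, user);           /* reported */
    snprintf(buf, 64, "%s", user);   /* literal format: not reported */
    log_msg(user);                   /* not reported: wrapper is unknown to the scanner */
}
'''
```

`scan(SAMPLE)` reports lines 2 and 5; the `log_msg(user)` call, where the user-controlled string actually enters the wrapper, is invisible to a purely per-call check.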