CAPEC-14 Metadata
Likelihood of Attack
Medium
Typical Severity
High
Overview
Summary
This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service. This hostile service is created to deliver the correct content to the client software. For example, if the client-side application is a browser, the service will host a webpage that the browser loads.
Prerequisites
The targeted client software communicates with an external server. The targeted client software has a buffer overflow vulnerability.
Execution Flow
| Step | Phase | Description | Techniques |
|---|---|---|---|
| 1 | Explore | [Identify target client-side application] The adversary identifies a target client-side application to perform the buffer overflow on. The most common are browsers. If there is a known browser vulnerability an adversary could target that. |
|
| 2 | Experiment | [Find injection vector] The adversary identifies an injection vector to deliver the excessive content to the targeted application's buffer. |
|
| 3 | Experiment | [Create hostile service] The adversary creates a hostile service that will deliver content to the client-side application. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary crafts the payload in such a way that the overwritten return address is replaced with one of the adversary's choosing. |
|
| 4 | Exploit | [Overflow the buffer] Using the injection vector, the adversary delivers the content to the client-side application using the hostile service and overflows the buffer. |
|
Potential Solutions / Mitigations
The client software should not install untrusted code from a non-authenticated server. The client software should have the latest patches and should be audited for vulnerabilities before being used to communicate with potentially hostile servers. Perform input validation for length of buffer inputs. Use a language or compiler that performs automatic bounds checking. Use an abstraction library to abstract away risky APIs. Not a complete solution. Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution. Ensure all buffer uses are consistently bounds-checked. Use OS-level preventative functionality. Not a complete solution.
Related Weaknesses (CWE)
| CWE ID | Description |
|---|---|
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-118 | Incorrect Access of Indexable Resource ('Range Error') |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
| CWE-353 | Missing Support for Integrity Check |
| CWE-680 | Integer Overflow to Buffer Overflow |
| CWE-697 | Incorrect Comparison |
Related CAPECs
| CAPEC ID | Description |
|---|---|
| CAPEC-100 | Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries' choice. |
Stay Ahead of Attack Patterns
Understanding CAPEC patterns helps security professionals anticipate and thwart potential attacks. Leverage these insights to enhance threat modeling, strengthen your software development lifecycle, and train your security teams effectively.