Insecure coding practices used by application developers lead to vulnerabilities in programs, and this fact lies at the core of most software vulnerabilities. Until secure coding practices are implemented across the board at all organizations and firms, these flaws will continue to produce vulnerabilities to be exploited. Three of the most common and damaging attack classes enabled by such flaws are stack-based buffer overflows, heap/BSS/data-segment overflows, and format string attacks.
Stack buffer overflows are very popular among attackers because they are one of the easier exploits to pull off and they offer the best payoff. The vulnerability allows an attacker to supply more data than a fixed-size local variable can hold, so the excess is written into the adjacent locations in memory: the other local variables, the saved registers and, further on, the function's saved return address. Once that return address has been overwritten, the attacker simply waits for the function to return; the processor then jumps to the address the attacker chose and executes whatever is there, whether injected shellcode or existing code in the process. The results can range from crashing the application to remote code execution, which typically yields a shell connecting back to the attacker.
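The mechanics above in a small C program, added here as an illustration and not taken from any of the cited sources. The frame's locals are grouped in a struct (an assumption made so the layout is fixed and the overflow stays inside one object; real frame layouts vary by compiler and ABI), and the overflow is stopped at the variable next to the buffer rather than at the saved return address, which would crash the program. The vulnerable copy is the unchecked `strcpy` pattern; the hardened version refuses input that does not fit. Names and the 12-byte buffer size are arbitrary.

```c
#include <stdio.h>
#include <string.h>

/* Locals of one frame, grouped so the layout is fixed for the demo:
   a fixed-size buffer filled from attacker input, followed immediately
   in memory by a value the program trusts. */
struct frame {
    char name[12];   /* attacker-controlled copy lands here */
    int  is_admin;   /* adjacent location: overwritten when name overflows */
};

/* Vulnerable: unbounded copy, the same behaviour as strcpy(f.name, input).
   With 16 bytes of input the copy runs 4 bytes past name and into is_admin;
   a longer input in a real frame would reach the saved return address.
   Returns 1 if the program now believes the caller is an administrator. */
int login_vulnerable(const char *input) {
    struct frame f = { "", 0 };
    char *dst = f.name;
    for (size_t i = 0; input[i] != '\0'; i++)
        dst[i] = input[i];          /* no check against sizeof f.name */
    return f.is_admin != 0;
}

/* Hardened: measure first, refuse anything that does not fit (including the
   terminating NUL), then copy with an explicit bound. Returns -1 on refusal. */
int login_checked(const char *input) {
    struct frame f = { "", 0 };
    size_t n = strlen(input);
    if (n >= sizeof f.name)
        return -1;                  /* would overflow: reject the request */
    memcpy(f.name, input, n + 1);   /* bounded copy, NUL included */
    return f.is_admin != 0;
}

int main(void) {
    const char *normal = "alice";               /* constructed sample input */
    const char *attack = "AAAAAAAAAAAAAAAA";    /* 16 x 'A': overflows name */
    printf("vulnerable(%s) -> is_admin=%d\n", normal, login_vulnerable(normal));
    printf("vulnerable(%s) -> is_admin=%d\n", attack, login_vulnerable(attack));
    printf("checked(%s)    -> %d\n", normal, login_checked(normal));
    printf("checked(%s)    -> %d (rejected)\n", attack, login_checked(attack));
    return 0;
}
```

The 'A' bytes that spill past `name` become the value of `is_admin` (0x41414141 on every byte order), which is why the vulnerable path reports an administrator. Compilers and stack protectors do not help here because the write never leaves the struct; they would only catch the longer overflow that reaches the canary or return address.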
There are many tools available to attackers that allow them to exploit stack buffer overflow vulnerabilities in remote systems, but these are often fragmented across many platforms and require significant reworking of code to make them functional. Perhaps the best tool available on the internet to centralize the delivery of these exploits, and many others, is the Metasploit Framework. An example is the easyftp_list.rb exploit, which targets EasyFTP Server versions 1.7.0.11 and below. “EasyFTP fails to check input size when parsing the 'path' parameter supplied to an HTTP GET request, which leads to a stack based buffer overflow” (Metasploit, 2010). The exploit is included as a module within the Metasploit Framework and requires minimal configuration on the part of the attacker. The parameter that must be explicitly designated is the IP address of the target running the EasyFTP server (the module's RHOST option), plus, for a reverse-connecting payload, the attacker's own address.
Heap overflows are similar to stack overflows, but instead of overwriting data on the stack, heap-based overflows overwrite data on the heap, which programs use to allocate dynamic memory at runtime (McClure, Scambray & Kurtz, 2009). Because heap chunks are laid out one after another, an overflow in one allocation corrupts the neighbouring chunk's contents or its allocator metadata, and an attacker who controls what lands there can redirect a function pointer or a later write. A common companion technique is the heap spray, which, as its name suggests, fills large regions of the heap with copies of the attacker's code (usually preceded by NOP sleds) so that a corrupted pointer landing almost anywhere in that region executes it. Attackers “commonly take advantage from the fact that these heap blocks will roughly be in the same location every time the heap spray is run” (Abysssec, 2010).
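The adjacent-chunk corruption described above, as an added C example that is not part of the original page or the cited sources. Rather than overflow a real `malloc` chunk (undefined behaviour whose result depends on the allocator), it assumes a toy bump allocator carving chunks with a small size header out of one fixed arena, the same header-then-data layout real allocators use, so every write stays inside the arena and the outcome is deterministic. The unchecked copy writes past the first chunk into the next chunk's header and data; the checked version honours the chunk size. All names and sizes are arbitrary.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 256

/* Chunk layout assumed for the toy heap: a size header followed by user data. */
struct chunk {
    uint32_t      size;    /* bytes of user data that follow */
    unsigned char data[];  /* user data starts right after the header */
};

/* One fixed arena (aligned through the union) and a bump pointer into it. */
static union { unsigned char bytes[ARENA_SIZE]; uint64_t align; } arena_store;
static unsigned char *const arena = arena_store.bytes;
static size_t arena_top;

static void toy_reset(void) {
    memset(arena, 0, ARENA_SIZE);
    arena_top = 0;
}

/* Carve the next chunk: consecutive calls return physically adjacent chunks. */
static struct chunk *toy_malloc(uint32_t size) {
    size_t need = sizeof(struct chunk) + size;
    if (arena_top + need > ARENA_SIZE)
        return NULL;
    struct chunk *c = (struct chunk *)(arena + arena_top);
    c->size = size;
    arena_top += need;
    return c;
}

/* What the neighbouring chunk looks like after the copy. */
struct outcome {
    int      rejected;      /* 1 if the checked copy refused the input */
    uint32_t next_size;     /* neighbour's size header (16 if untouched) */
    char     next_data[16]; /* neighbour's data ("guest" if untouched) */
};

/* Copy `input` into a 16-byte heap chunk that sits directly before another
   16-byte chunk. checked == 0 reproduces the unbounded strcpy pattern behind
   heap overflows (bounded only by the arena end so the toy stays defined);
   checked != 0 rejects input that does not fit the chunk. */
struct outcome run_copy(const char *input, int checked) {
    struct outcome out = { 0, 0, "" };
    toy_reset();
    struct chunk *name = toy_malloc(16);
    struct chunk *next = toy_malloc(16);   /* header begins 16 bytes after name->data */
    strcpy((char *)next->data, "guest");   /* legitimate neighbour contents */

    size_t n = strlen(input);
    if (checked && n >= name->size) {
        out.rejected = 1;                  /* hardened path: refuse */
    } else {
        /* Vulnerable path: the only limit is the end of the arena, not the chunk. */
        size_t cap = (size_t)(arena + ARENA_SIZE - name->data);
        if (n >= cap) n = cap - 1;
        memcpy(name->data, input, n);
        name->data[n] = '\0';
    }
    out.next_size = next->size;
    memcpy(out.next_data, next->data, sizeof out.next_data);
    out.next_data[sizeof out.next_data - 1] = '\0';
    return out;
}

int main(void) {
    const char *attack = "AAAAAAAAAAAAAAAAAAAAAAAA";   /* 24 x 'A', constructed */
    struct outcome v = run_copy(attack, 0), c = run_copy(attack, 1);
    printf("unchecked: next.size=0x%08x next.data=\"%s\"\n", v.next_size, v.next_data);
    printf("checked:   rejected=%d next.size=%u next.data=\"%s\"\n",
           c.rejected, c.next_size, c.next_data);
    return 0;
}
```

Twenty-four bytes of input overrun the 16-byte chunk: bytes 17 to 20 land on the neighbour's size header (now 0x41414141) and the rest overwrite the start of its data, so "guest" becomes "AAAA". In a real allocator the corrupted header is what later `free` or `malloc` calls trust, which is where classic heap exploitation takes over; with the bound check in place the neighbour is untouched.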
In terms of tool availability, heap overflows are in the same boat as stack-based buffer overflows. As before, one of the more reliable sources for functional exploits for this method will come from the Metasploit repository, which is updated on a daily basis to include the latest tools available. An example of a heap overflow tool is the exim4_string_format.rb module, which actually combines...