Middleware Vulnerabilities Damian Tamayo Kansas State University MSE 2nd Semester.
Middleware Vulnerabilities
Damian Tamayo
Kansas State University
MSE 2nd Semester
Overview
• Common Attacks
• Examples
• Possible Solutions
Common Attacks
• Overflows
• String Format/Validation
• Race Conditions - permissions
• Cross Site Scripting
Attacks Defined
• Buffer Overflow – overwriting allocated buffer
• String Format/Validation – send commands through user input
• Race Conditions – interrupt handling
• Cross Site Scripting – script injection on client side applications
Examples - Overflow
[Figure: stack diagram, labelled "Top of stack". Cells in the order shown: return address | variable | variable | filename]
Overflow Continued
[Figure: stack diagram, labelled "Top of stack". Cells in the order shown: return address | variable | variable | \XFERS\AAA.]
Overflow Continued
[Figure: stack diagram, labelled "Top of stack". Cells in the order shown: AAAA | variable | variable | \XFERS\A..AAAA]
Possible Solutions
• Check for buffer/string lengths
• Use operations that are safe
  – C/C++
    • strncpy
    • strncat
  – Java/EJB’s
    • Technically “No”
    • Theoretically possible
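Added example (not part of the original slides): the length check and bounded copy from the slide above, applied to the \XFERS\ filename buffer from the overflow diagrams. The buffer sizes, the file name AAA.TXT and the function names build_path and bounded_copy are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

static const char PREFIX[] = "\\XFERS\\";   /* directory prefix from the slides */

/* Build "\XFERS\<name>" in out. Returns 0 on success, -1 if it does not fit.
   The length is checked before any byte is written, so an oversized name is
   rejected rather than written past the end of the buffer. */
int build_path(char *out, size_t out_size, const char *name)
{
    size_t prefix_len = sizeof(PREFIX) - 1;
    size_t name_len;

    if (out == NULL || name == NULL)
        return -1;
    name_len = strlen(name);
    if (prefix_len + name_len + 1 > out_size)
        return -1;                          /* reject, do not truncate silently */
    memcpy(out, PREFIX, prefix_len);
    memcpy(out + prefix_len, name, name_len + 1);   /* includes the NUL */
    return 0;
}

/* strncpy() leaves dst unterminated when src has dst_size or more bytes,
   so copy at most dst_size - 1 bytes and terminate explicitly. */
size_t bounded_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0)
        return 0;
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
    return strlen(dst);
}

int main(void)
{
    char path[16];                          /* constructed buffer size */
    char long_name[64];                     /* constructed oversized input */

    memset(long_name, 'A', sizeof(long_name) - 1);
    long_name[sizeof(long_name) - 1] = '\0';

    printf("short: %d\n", build_path(path, sizeof(path), "AAA.TXT"));
    printf("long:  %d\n", build_path(path, sizeof(path), long_name));
    printf("copied %zu bytes\n", bounded_copy(path, sizeof(path), long_name));
    return 0;
}
```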
String Format/User Validation
• External Commands to the system
  – URL
  – Form Control Commands
    • “:”
  – “god” like query ability
Possible Solutions
• Perform checks on user input
• Don’t use shortcuts to format strings
• Filters
Race Condition
• Interrupts are not handled correctly
  – System raises privilege level to perform operation
  – System handles interrupt
  – Attacker sends command at higher privilege than user
Possible Solutions
• Handle interrupts appropriately
  – System raises privileges
  – Attacker sends interrupt
  – System catches interrupt
  – System finishes operation and lowers privileges
  – System handles Attacker’s interrupt
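Added example (not part of the original slides): the sequence above implemented with POSIX signal masking, next to the unprotected variant from the previous slide. A flag stands in for the raised privilege level and SIGUSR1 for the interrupt; both, and all function names, are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <signal.h>
#include <stdio.h>
#include <string.h>

/* Assumption: a flag stands in for the raised privilege level. */
static volatile sig_atomic_t privileged = 0;
static volatile sig_atomic_t seen_level = -1;   /* -1: handler has not run */

static void on_interrupt(int sig)
{
    (void)sig;
    seen_level = privileged;    /* level the attacker's request would run at */
}

/* Run op() at raised privilege. With defer != 0, SIGUSR1 is held pending
   until privilege is lowered. Returns the level the handler observed. */
int run_privileged(void (*op)(void), int defer)
{
    sigset_t block, old;
    struct sigaction sa;

    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = on_interrupt;
    sigemptyset(&sa.sa_mask);
    sigemptyset(&block);
    sigaddset(&block, SIGUSR1);
    seen_level = -1;
    if (sigaction(SIGUSR1, &sa, NULL) != 0)
        return -2;
    if (defer && sigprocmask(SIG_BLOCK, &block, &old) != 0)
        return -2;
    privileged = 1;             /* system raises privileges */
    op();                       /* interrupt arrives during the operation */
    privileged = 0;             /* operation finished, privileges lowered */
    if (defer && sigprocmask(SIG_SETMASK, &old, NULL) != 0)
        return -2;              /* pending interrupt is delivered on unblock */
    return seen_level;
}

static void interrupted_op(void) { raise(SIGUSR1); }   /* constructed interrupt */

int main(void)
{
    printf("unblocked: handler ran at level %d\n", run_privileged(interrupted_op, 0));
    printf("deferred:  handler ran at level %d\n", run_privileged(interrupted_op, 1));
    return 0;
}
```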
Cross Site Scripting
http://testasp.acunetix.com/Search.asp
<br><br>Please login with the form below before proceeding:<form action="destination.asp"><table><tr><td>Login:</td><td><input type=text length=20 name=login></td></tr><tr><td>Password:</td><td><input type=text length=20 name=password></td></tr></table><input type=submit value=LOGIN></form>
Cross Site Scripting
• http://testasp.acunetix.com/Search.asp?tfSearch=%3Cbr%3E%3Cbr%3EPlease+login+with+the+form+below+before+proceeding%3A%3Cform+action%3D%22test.asp%22%3E%3Ctable%3E%3Ctr%3E%3Ctd%3ELogin%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput+type%3Dtext+length%3D20+name%3Dlogin%3E%3C%2Ftd%3E%3C%2Ftr%3E%3Ctr%3E%3Ctd%3EPassword%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput+type%3Dtext+length%3D20+name%3Dpassword%3E%3C%2Ftd%3E%3C%2Ftr%3E%3C%2Ftable%3E%3Cinput+type%3Dsubmit+value%3DLOGIN%3E%3C%2Fform%3E
Possible Solutions
• Form Controls
• User input Control
• Filters
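Added example (not part of the original slides): an output filter for the tfSearch value shown above, which HTML-encodes the decoded parameter so the injected form is displayed as text instead of being rendered. The function names and buffer sizes are assumptions, and the query string is a short fragment of the slide's URL.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Decode '+' and %XX in place, giving the value the page would echo. */
void url_decode(char *s)
{
    char *out = s;
    for (; *s; s++) {
        if (*s == '%' && isxdigit((unsigned char)s[1]) && isxdigit((unsigned char)s[2])) {
            char hex[3] = { s[1], s[2], '\0' };
            *out++ = (char)strtol(hex, NULL, 16);
            s += 2;
        } else {
            *out++ = (*s == '+') ? ' ' : *s;
        }
    }
    *out = '\0';
}

/* HTML-encode src into dst; returns the length, or -1 if dst is too small. */
int html_encode(char *dst, size_t dst_size, const char *src)
{
    size_t used = 0;
    if (dst_size == 0) return -1;
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = *src == '<' ? "&lt;" : *src == '>' ? "&gt;" :
                          *src == '&' ? "&amp;" : *src == '"' ? "&quot;" :
                          *src == '\'' ? "&#39;" : one;
        size_t n = strlen(rep);
        if (used + n + 1 > dst_size)
            return -1;              /* refuse rather than emit a partial value */
        memcpy(dst + used, rep, n);
        used += n;
    }
    dst[used] = '\0';
    return (int)used;
}

int main(void)
{
    char q[] = "%3Cform+action%3D%22test.asp%22%3E";   /* fragment of the slide's tfSearch value */
    char safe[128];
    url_decode(q);
    printf("%s\n", html_encode(safe, sizeof(safe), q) >= 0 ? safe : "(too long)");
    return 0;
}
```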