CS 335: Special Topic in Cyber Security
Root Causes for Vulnerability
Overview
• Vulnerability classes
• Memory corruption vulnerabilities
• Default or hardcoded credentials
• User enumeration
• Incorrect resource access
• Memory exhaustion attacks
• Storage exhaustion attacks
• CPU exhaustion attacks
• Format string vulnerabilities
• Command Injection
• SQL Injection
• Text-encoding character replacement
Vulnerability classes
• Remote Code Execution
• Denial-of-Service
- Persistent
- Nonpersistent
• Information Disclosure
• Authentication Bypass
• Authorization Bypass
- Don’t confuse authorization bypass with authentication bypass vulnerabilities.
10
Memory corruption vulnerabilities
• Memory-Safe vs. Memory-Unsafe Programming Languages
• Memory Buffer Overflows
11
https://bugs.python.org/issue24481 https://curl.se/docs/CVE-2014-3707.html
Memory Buffer Overflows
• Fixed-Length Buffer Overflows
12
Memory Buffer Overflows
• Variable-Length Buffer Overflows
13
Integer Overflows
• Modular Arithmetic
- 8-bit integer example
• 65 * 4 = 260, which does not fit in 8 bits and wraps to 260 mod 256 = 4
14
https://bugs.php.net/bug.php?id=69545/
Integer Overflows
• Out-of-Bounds Buffer Indexing
• Dynamic Memory Allocation Failures
15
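The 8-bit case from the previous slide carried through to the allocation failure it causes, as an added C example that is not from the slides; the record-allocation helpers are hypothetical, shown in their wrapping form beside a checked form.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* The slide's 8-bit case: 65 * 4 = 260 does not fit in a uint8_t (0..255).
 * The multiply itself is done in int; the wrap happens when the result is
 * stored back into 8 bits, leaving 260 mod 256 = 4. */
uint8_t mul8_wrapping(uint8_t a, uint8_t b) {
    return (uint8_t)(a * b);
}

/* Checked multiply: compute in a wider type and refuse to wrap.
 * Returns 1 with the product in *out, or 0 if it would exceed 8 bits. */
int mul8_checked(uint8_t a, uint8_t b, uint8_t *out) {
    unsigned wide = (unsigned)a * (unsigned)b;
    if (wide > UINT8_MAX) return 0;
    *out = (uint8_t)wide;
    return 1;
}

/* Allocation sized by the wrapped product (hypothetical helper). For 65
 * records of 4 bytes the request becomes 4 bytes, while the caller still
 * believes it has room for 260: a later copy overruns the heap chunk.
 * *got receives the byte count actually passed to malloc. */
void *alloc_records_unsafe(uint8_t count, uint8_t rec_size, size_t *got) {
    uint8_t total = (uint8_t)(count * rec_size);   /* 65 * 4 -> 4 */
    *got = total;
    return malloc(total);
}

/* Hardened form: allocate only if the size did not wrap; otherwise NULL. */
void *alloc_records_safe(uint8_t count, uint8_t rec_size, size_t *got) {
    uint8_t total;
    if (!mul8_checked(count, rec_size, &total)) { *got = 0; return NULL; }
    *got = total;
    return malloc(total);
}

int main(void) {
    size_t got;
    printf("65 * 4 stored in uint8_t = %d\n", mul8_wrapping(65, 4)); /* 4 */
    void *p = alloc_records_unsafe(65, 4, &got);
    printf("unsafe: wanted 260 bytes, malloc was asked for %zu\n", got);
    free(p);
    p = alloc_records_safe(65, 4, &got);
    printf("safe: %s (%zu bytes)\n", p ? "allocated" : "refused", got);
    free(p);
    return 0;
}
```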
Default or hardcoded credentials
• Default Credentials
• Hardcoded Credentials
16
https://lightningsecurity.io/blog/password-not-provided/
User enumeration
17
Incorrect Resource Access
• Canonicalization
18
Incorrect Resource Access
• Verbose Errors
19
Memory Exhaustion Attacks
20
Storage Exhaustion Attacks
• Compact embedded systems
• Logging
21
CPU Exhaustion Attacks
• Algorithmic Complexity
22
CPU Exhaustion Attacks
• Configurable Cryptography
23
Format String Vulnerabilities
24
Command Injection
• password; xcalc
25
SQL Injection
26
https://hackerone.com/reports/150156/
https://hackerone.com/reports/31756/
Text-Encoding Character Replacement
• ASCII
• Unicode
27
https://hackerone.com/reports/52042/
Summary
• Many possible root causes
• Vulnerabilities appear in the most surprising places
• Identifying vulnerabilities is complex
- Network protocols used
- Third party libraries
- Languages
28