5 Buffer Overflow Vulnerabilities in Popular Apps

The 2019 CWE Top 25 Most Dangerous Software Errors ranks improper restriction of operations within the bounds of a memory buffer (CWE-119) as the most critical weakness leading to dangerous vulnerabilities.

According to CWE by MITRE: “These weaknesses are often easy to find and exploit. They are dangerous because they will frequently allow adversaries to completely take over execution of software, steal data, or prevent the software from working.” In other words, buffer overflows remain among the most common and most dangerous bugs in deployed software.

Let’s look at recent buffer overflow bugs found in popular applications, and at the damage they could have done had criminals found them first.

What is Buffer Overflow?

A buffer overflow (or buffer overrun) occurs when a program writes more data into a buffer (a fixed-size region of memory) than the buffer was allocated to hold, so the excess spills into adjacent memory. It’s like pouring more water into a cup than it can hold: the surplus runs over the rim onto whatever is next to it.

In a program, a buffer is a section of memory set aside to hold data, and in languages such as C and C++ nothing checks at run time that a write stays inside it. The bytes that don’t fit overwrite whatever sits next to the buffer: other variables, heap allocation metadata or, on the stack, the saved return address. Depending on what gets overwritten, the result is corrupted data, a crash, or, when the attacker controls the overflowing bytes, hijacked control flow that runs code of the attacker’s choosing.
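To make the mechanism concrete, here is a small C program added for this article (it is not code from the original post or from any of the products discussed below). It places a fixed-size name buffer directly in front of a privilege flag, copies a constructed 12-byte input into the 8-byte buffer without a bounds check, and shows the flag being overwritten; a bounds-checked copy beside it rejects the same input. The struct, the field names and the payload are all hypothetical. Writing past the array is undefined behaviour in C; the _Static_assert and the noinline attribute are there so that the demonstration behaves deterministically on common GCC/Clang toolchains.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record: an 8-byte name buffer immediately followed by a
 * privilege flag. The _Static_assert pins the layout the demo relies on. */
struct record {
    char    name[8];
    int32_t is_admin;
};
_Static_assert(offsetof(struct record, is_admin) == 8, "unexpected struct layout");

/* Vulnerable: copies len bytes into dst with no idea how big dst is.
 * noinline stops the compiler from seeing (and "optimising") the overflow
 * at the call site; the out-of-bounds write is undefined behaviour in C. */
__attribute__((noinline))
static void copy_unchecked(char *dst, const char *src, size_t len)
{
    for (size_t i = 0; i < len; i++)
        dst[i] = src[i];
}

/* Hardened: refuses input that does not fit, terminator included. */
static int copy_checked(char *dst, size_t cap, const char *src, size_t len)
{
    if (len >= cap)
        return -1;              /* reject; the caller decides how to fail */
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Constructed attacker input: 8 bytes fill `name`, the remaining 4 bytes
 * land on `is_admin` and make it non-zero. */
static const unsigned char payload[12] = {
    'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A',
    0x01, 0x00, 0x00, 0x00
};

/* Returns the is_admin flag after the unchecked copy (non-zero: privilege gained). */
int is_admin_after_unchecked_copy(void)
{
    struct record r = { "", 0 };
    copy_unchecked(r.name, (const char *)payload, sizeof payload);
    return r.is_admin;
}

/* Returns 1 when the checked copy rejects the oversized input and is_admin stays 0. */
int checked_copy_rejected_input(void)
{
    struct record r = { "", 0 };
    int rc = copy_checked(r.name, sizeof r.name, (const char *)payload, sizeof payload);
    return rc == -1 && r.is_admin == 0;
}

int main(void)
{
    printf("unchecked copy: is_admin = %d\n", is_admin_after_unchecked_copy());
    printf("checked copy rejected input, is_admin intact: %s\n",
           checked_copy_rejected_input() ? "yes" : "no");
    return 0;
}
```

In a real program the neighbour of the buffer is rarely as convenient as a privilege flag, but the principle is the same: whatever the attacker can reach by writing past the end (a length field, a function pointer, a saved return address) becomes theirs to set. The fix is the same too: the copy must know the capacity of its destination and refuse, truncate or grow before writing.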

Popular Buffer Overflow Vulnerabilities

Here are some recent occurrences of buffer overflow vulnerabilities:

NVIDIA SHIELD TV

NVIDIA SHIELD TV devices running software versions prior to 8.0.1 are exposed to two vulnerabilities, one of them a buffer overflow. NVIDIA released an update and asked users to install it as soon as possible, since the update “… addresses issues that may lead to information disclosure, denial of service, code execution, or escalation of privileges.”

The buffer overflow bug is tracked as CVE-2019-5699. According to NVIDIA’s security bulletin, “NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges and code execution.” A bug in the bootloader is especially serious because it runs before the operating system and its protections are loaded.

macOS Catalina

macOS Catalina 10.15 fixes a number of vulnerabilities including a buffer overflow bug. According to ZDNet, the “… code execution flaw detected and resolved is CVE-2019-8745, a buffer overflow traced back to the UIFoundation component which could be triggered through malicious text files.”

UIFoundation is a low-level text-layout framework shared across Apple’s platforms; it underpins UIKit, the interface framework for iOS and tvOS apps, and the text system on macOS. A flaw that deep in the stack means any macOS application that renders attacker-supplied text, here an opened text file, can become the entry point, which is why this bug poses a serious risk to macOS users.

VPN Products

The U.S. National Security Agency (NSA), following the lead of the Canadian Centre for Cyber Security, recently warned administrators about vulnerabilities disclosed months earlier that attackers, mostly state-sponsored groups, are actively exploiting. The bugs affect three popular VPN products: Pulse Secure, Palo Alto GlobalProtect and Fortinet FortiGate.

According to the NSA: “These vulnerabilities allow for remote arbitrary file downloads and remote code execution on Pulse Connect Secure and Pulse Policy Secure gateways. Other vulnerabilities in the series allow for interception or hijacking of encrypted traffic sessions.” The situation is worse because, as the NSA notes, “exploit code is freely available online via the Metasploit framework, as well as GitHub. Malicious cyber actors are actively using this exploit code.” Note that the weaknesses the NSA lists here, arbitrary file download and session hijacking among them, span several bug classes rather than classic buffer overflows; what they share is their location in internet-facing VPN gateways, where one bug in the appliance exposes every network behind it.

WhatsApp

WhatsApp, one of the most popular instant messengers, isn’t free of vulnerabilities either. End-to-end encryption draws users, security-conscious ones especially, but WhatsApp isn’t as secure as Facebook’s marketing suggests: encryption protects messages in transit, not a device that has been compromised.

A critical bug was discovered in May 2019 in WhatsApp’s VoIP stack, the component responsible for audio and video calls, that allowed an attacker to take over a mobile device. Tracked as CVE-2019-3568, it was reported as a buffer overflow triggered by a specially crafted series of SRTCP packets.

An attacker only needed to place a call to the target; it did not even have to be answered. Within minutes, “… the phone starts revealing its encrypted content, mirrored on a computer screen halfway across the world. It then transmits back the most intimate details such as private messages and location and even turns on the camera and microphone to live-stream meetings,” according to the Financial Times.

In short, the bug gave an attacker complete control of the device, camera, microphone and file storage included, with no interaction from the victim.

Exim

Exim, a mail transfer agent (MTA) originally developed at the University of Cambridge, runs on more than half of the world’s publicly reachable mail servers. In September 2019, a critical bug was disclosed as CVE-2019-16928, a heap-based buffer overflow in string_vformat() (string.c). It affects Exim 4.92 through 4.92.2 and is fixed in 4.92.3.

The vulnerability is critical because it can be exploited for both denial of service (DoS) and remote code execution (RCE). “It is through EHLO strings that a threat actor could exploit CVE-2019-16928 to perform malicious attacks, such as crashing the Exim process (resulting in DoS). Furthermore, a backdoor command used as an input for EHLO could lead to remote code execution,” according to TrendLabs Security Intelligence Blog. Because EHLO is the first command a client sends, the overflow is reachable before any authentication takes place. Administrators can check the installed version with exim -bV and should upgrade to 4.92.3 or later.

Conclusion

It’s clear that no software is free of vulnerabilities. So the question becomes: how do we defend against attacks that exploit buffer overflows?

First, keep your systems patched; for software you didn’t write, that is the only way to close a known vulnerability. Developers, for their part, remove whole classes of overflows by using bounds-checked APIs, by building with the compiler’s hardening options (stack protectors, FORTIFY_SOURCE, position-independent executables so ASLR applies), and by writing new components in memory-safe languages. If you run a business, also layer endpoint protection, a web application firewall and network monitoring into your security solution, not because they stop an overflow, but because they raise the odds of catching the exploitation that follows one.

Oren Rofman

Oren Rofman is a senior technology writer. He's particularly interested in information technology, big data and the cloud.