Many application attacks take advantage of vulnerabilities in a system’s memory. Because of this, it’s important for developers to use secure memory management techniques within their code. If you’re planning to take the SY0-501 version of the Security+ exam, you should have a good understanding of application vulnerabilities, including some common memory issues related to applications.
For example, can you answer this practice test question?
Q. An attacker is attempting to write more data into a web application’s memory than it can handle. Which type of attack is this?
A. XSRF
B. DLL injection
C. Pass the hash
D. Buffer overflow
More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.
Memory Leak
A memory leak is a bug in a computer application that causes the application to consume more and more memory the longer it runs. In extreme cases, the application can consume so much memory that the operating system crashes.
Memory leaks are typically caused by an application that reserves memory for short-term use, but never releases it. As an example, imagine a web application collects user profile data to personalize the browsing experience for users. However, it collects this data every time a user accesses a web page and it never releases the memory used to store the data. Over time, the web server will run slower and slower and eventually need to be rebooted.
Integer Overflow
An integer overflow attack attempts to use or create a numeric value that is too big for an application to handle. The result is that the application gives inaccurate results. As an example, if an application reserves 8 bits to store a number, it can store any value between 0 and 255. If the application attempts to multiply two values such as 95 × 59, the result is 5,605. This number cannot be stored in the 8 bits, so it causes an integer overflow error. It’s a good practice to double- check the size of buffers to ensure they can handle any data generated by the applications.
In some situations, an integer overflow error occurs if an application expects a positive number, but receives a negative number instead. If the application doesn’t have adequate error- and exception-handling routines, this might cause a buffer overflow error.
Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action. You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important. Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes: Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it. If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-601 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.The 601 Version of the Study Guide
The CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide is an update to the top-selling SY0-201, SY0-301, SY0-401, and SY0-501 study guides, which have helped thousands of readers pass the exam the first time they took it. It includes the same elements readers raved about in the previous four versions.
Buffer Overflows
A buffer overflow occurs when an application receives more input, or different input, than it expects. The result is an error that exposes system memory that would otherwise be protected and inaccessible. Normally, an application will have access only to a specific area of memory, called a buffer. The buffer overflow allows access to memory locations beyond the application’s buffer, enabling an attacker to write malicious code into this area of memory.
The buffer overflow exposes a vulnerability, but it doesn’t necessarily cause damage by itself. However, once attackers discover the vulnerability, they exploit it and overwrite memory locations with their own code. If the attacker uses the buffer overflow to crash the system or disrupt its services, it is a DoS attack.
More often, the attacker’s goal is to insert malicious code in a memory location that the system will execute. It’s not easy for an attacker to know the exact memory location where the malicious code is stored, making it difficult to get the computer to execute it. However, an attacker can make educated guesses to get close.
The malicious code varies. In some instances, the attackers write code to spread a worm through the web server’s network. In other cases, the code modifies the web application so that the web application tries to infect every user who visits the web site with other malware. The attack possibilities are almost endless.
Buffer Overflow Attacks
A buffer overflow attack includes several different elements, but they happen all at once. The attacker sends a single string of data to the application. The first part of the string causes the buffer overflow. The next part of the string is a long string of NOPs followed by the attacker’s malicious code, stored in the attacked system’s memory. Last, the malicious code goes to work.
In some cases, an attacker writes a malicious script to discover buffer overflow vulnerabilities. For example, the attacker could use JavaScript to send random data to another service on the same system.
Although error-handling routines and input validation go a long way to prevent buffer overflows, they don’t prevent them all. Attackers occasionally discover a bug allowing them to send a specific string of data to an application, causing a buffer overflow. When vendors discover buffer overflow vulnerabilities, they are usually quick to release a patch or hotfix. From an administrator’s perspective, the solution is easy: Keep the systems up to date with current patches.
DLL Injection
Applications commonly use a Dynamic Link Library (DLL) or multiple DLLs. A DLL is a compiled set of code that an application can use without re-creating the code. As an example, most programming languages include math-based DLLs. Instead of writing the code to discover the square root of a number, a developer can include the appropriate DLL and access the square root function within it.
DLL injection is an attack that injects a DLL into a system’s memory and causes it to run. For example, imagine an attacker creates a DLL named malware.dll that includes several malicious functions. In a successful DLL injection attack, the attacker attaches to a running process, allocates memory within the running process, connects the malicious DLL within the allocated memory, and then executes functions within the DLL.
Q. An attacker is attempting to write more data into a web application’s memory than it can handle. Which type of attack is this?
A. XSRF
B. DLL injection
C. Pass the hash
D. Buffer overflow
Answer is D. One type of buffer overflow attack attempts to write more data into an application’s memory than it can handle.
None of the other answers are directly related to overloading the application’s memory.
A cross-site request forgery (XSRF) attack attempts to launch attacks with HTML code.
A Dynamic Link Library (DLL) injection attack injects a DLL into memory and causes it to run.
A pass the hash attack attempts to discover a password.
See Chapter 7 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide for more information on advanced attacks.
1 thought on “Memory Management Techniques”