Sunday, Jan 10, 2010

Buffer Overflow in libc/strtod

There is a proof of concept (POC) related to the libc/strtod and dtoa.c implementation in BSD, which Apple has been aware of for over six months. Mac OS X is a hybrid kernel based on Mach 3.0 and FreeBSD, so yes, it is BSD. This makes it susceptible to various bugs and exploits that can also affect BSD implementations. SecurityReason.com has posted a security alert and the POC code related to the buffer overflow on BSD, indicating that it could result in DoS (system crash) or malicious code execution. They have also included Mac OS X in this alert along with the POC posted.

 Fig. 1

The execution of arbitrary code cannot be accomplished using the printf function on the heap as stated on SecurityReason.com; they maintain that Mac OS X may be vulnerable. I have tested this and other functions such as asprintf, vprint and sprintf. (Fig. 1) OpenBSD and Mac OS X do ship with Executable Space Protection, which does prevent the execution of code on the heap. Code does not need to execute on the heap, but doing so is a far less labor-intensive and a reliable approach for attackers. Calls can be made back to libraries, which gives a buffer overflow a way around Executable Space Protection. (Return to libc is a common method.)

The best defense against these kinds of exploits is to install software only from trusted sources, check the sources, and not run them as an admin user. For day-to-day tasks (word processing, web, mail, etc.) you should never be logged in as a privileged user. From a development standpoint, secure coding practices are important. Lack of verification and validation can lead to a host of errors, so a secure development process should be used. Still, there is plenty of poorly written code that mishandles memory, validation and verification. If you do not trust the source for any reason, you should not install the software.
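As an illustration of the verification and validation step mentioned above, here is one way an application can constrain untrusted text before handing it to strtod. This is an added example, not code from this post or from SecurityReason.com; the function name `parse_double_strict` and the `MAX_NUM_LEN` cap are assumptions made for the example, and it does not fix the libc defect itself.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cap chosen for this example: a double needs at most 17
   significant digits to round-trip, so 64 bytes is generous. */
#define MAX_NUM_LEN 64

/* Returns 0 and stores the value in *out on success, -1 on rejection. */
int parse_double_strict(const char *s, double *out)
{
    size_t len;
    char *end;
    double v;

    if (s == NULL || out == NULL)
        return -1;

    /* Bound the length and allow-list plain decimal notation before libc
       ever sees the string. This also excludes hex floats, "inf", "nan"
       and leading whitespace, all of which strtod would accept. */
    for (len = 0; s[len] != '\0'; len++) {
        if (len >= MAX_NUM_LEN)
            return -1;
        if (strchr("0123456789+-.eE", s[len]) == NULL)
            return -1;
    }
    if (len == 0)
        return -1;

    errno = 0;
    v = strtod(s, &end);
    if (end == s || *end != '\0')   /* nothing parsed, or trailing junk */
        return -1;
    if (errno == ERANGE)            /* overflow or underflow */
        return -1;

    *out = v;
    return 0;
}
```
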
