
2.7. Notable Vulnerabilities

This section describes examples of notable buffer overflow vulnerabilities resulting from incorrect string handling. Many well-known incidents, including the Morris worm and the W32.Blaster.Worm, were the result of buffer overflow vulnerabilities.

Remote Login

Many UNIX systems provide the rlogin program, which establishes a remote login session from its user’s terminal to a remote host computer. The rlogin program passes the user’s current terminal definition as defined by the TERM environment variable to the remote host computer. Many implementations of the rlogin program contained an unbounded string copy—copying the TERM environment variable into an array of 1,024 characters declared as a local stack variable. This buffer overflow can be exploited to smash the stack and execute arbitrary code with root privileges.

CERT Advisory CA-1997-06, “Vulnerability in rlogin/term,” released on February 6, 1997, describes this issue. Larry Rogers provides an in-depth description of the rlogin buffer overflow vulnerability [Rogers 1998].
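As an added illustration (not code from the book or from any rlogin implementation), the unbounded copy the text describes sits beside a bounded replacement; the function names, the `load_term()` helper and the constructed 1,024-byte test value are assumptions made for this example.

```c
#include <stdlib.h>
#include <string.h>

/* Size of the local stack array that the vulnerable rlogin code used. */
#define TERM_BUF_SIZE 1024

/* The pattern the text describes: strcpy() copies until it finds a NUL,
 * so a TERM value of 1,024 bytes or more runs past 'buf' and overwrites
 * the stack frame above it. Kept only for contrast with the fix below. */
void copy_term_unbounded(const char *term)
{
    char buf[TERM_BUF_SIZE];
    strcpy(buf, term);          /* no bound: this is the bug */
}

/* Hardened form: measure with a bounded scan, fail closed when the value
 * (plus its terminator) does not fit, and only then copy. Returns 0 on
 * success, -1 when the input is rejected. */
int copy_term_bounded(char *dst, size_t dstlen, const char *term)
{
    if (dst == NULL || term == NULL || dstlen == 0)
        return -1;
    /* memchr() never looks past dstlen bytes, so an unterminated or
     * over-long input cannot make the length check itself overrun. */
    const char *nul = memchr(term, '\0', dstlen);
    if (nul == NULL)
        return -1;              /* no terminator within dstlen: too long */
    memcpy(dst, term, (size_t)(nul - term) + 1);  /* copies the NUL too */
    return 0;
}

/* Hypothetical helper showing how a service would pick up TERM from the
 * environment: an absent TERM falls back to "dumb", an oversized one is
 * refused rather than copied. */
int load_term(char *dst, size_t dstlen)
{
    const char *term = getenv("TERM");
    return copy_term_bounded(dst, dstlen, term != NULL ? term : "dumb");
}

/* Self-check with a constructed 1,024-byte value, the smallest length
 * that overflows the original array: the bounded copy must refuse it.
 * Returns 1 when the value is rejected, 0 otherwise. */
int rejects_oversized_term(void)
{
    char big[TERM_BUF_SIZE + 1];
    char dst[TERM_BUF_SIZE];
    memset(big, 'A', TERM_BUF_SIZE);
    big[TERM_BUF_SIZE] = '\0';
    return copy_term_bounded(dst, sizeof dst, big) == -1;
}
```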

Kerberos

Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology. Kerberos is available in many commercial products as well.

A vulnerability exists in the Kerberos 4 compatibility code contained within the MIT Kerberos 5 source distributions. This vulnerability allows a buffer overflow in the krb_rd_req() function, which is used by all Kerberos-authenticated services that use Kerberos 4 for authentication. This vulnerability is described further in the following:

It is possible for an attacker to gain root access over the network by exploiting this vulnerability. This vulnerability is notable not only because of the severity and impact but also because it represents the all-too-common case of vulnerabilities appearing in products that are supposed to improve the security of a system.
