Access Millions of academic & study documents

9 Explain how an integer overflow works, in contrast to the stack b

Content type
User Generated
Showing Page:
1/6
9. Explain how an integer overflow works, in contrast to the
stack-based buffer overflow.
Solution
Integer Overflow:
An integer overflow condition exists when an integer,
which has not been properly sanity checked, is used in the
determination of an offset or size for memory allocation,
copying, concatenation, or similarly. If the integer in
question is incremented past the maximum possible value,
it may wrap to become a very small, or negative number,
therefore providing a very incorrect value.
Consequences:
Exposure period:
Platform:
Languages: C, C++, Fortran, Assembly
Operating platforms: All
Integer overflows are for the most part only problematic
in that they lead to issues of availability. Common
instances of this can be found when primitives subject to
overflow are used as a loop index variable.

Sign up to view the full document!

lock_open Sign Up
Showing Page:
2/6
In some situations, however, it is possible that an integer
overflow may lead to an exploitable buffer overflow
condition. In these circumstances, it may be possible for
the attacker to control the size of the buffer as well as the
execution of the program.
Recently, a number of integer overflow-based, buffer-
overflow conditions have surfaced in prominent software
packages. Due to this fact, the relatively difficult to exploit
condition is now more well known and therefore more likely
to be attacked. The best strategy for mitigation includes: a
multi-level strategy including the strict definition of proper
behavior frequent sanity checks; preferably at the object
level; and standard buffer overflow mitigation techniques.
Not accounting for integer overflow can result in logic
errors or buffer overflow.
Integer overflow errors occur when a program fails to
account for the fact that an arithmetic operation can result
in a quantity either greater than a data type\'s maximum
value or less than its minimum value. These errors often
cause problems in memory allocation functions, where
user input intersects with an implicit conversion between
signed and unsigned values. If an attacker can cause the
program to under-allocate memory or interpret a signed
value as an unsigned value in a memory operation, the
program may be vulnerable to a buffer overflow.

Sign up to view the full document!

lock_open Sign Up
Showing Page:
3/6

Sign up to view the full document!

lock_open Sign Up
End of Preview - Want to read all 6 pages?
Access Now
Unformatted Attachment Preview
9. Explain how an integer overflow works, in contrast to the stack-based buffer overflow. Solution Integer Overflow: An integer overflow condition exists when an integer, which has not been properly sanity checked, is used in the determination of an offset or size for memory allocation, copying, concatenation, or similarly. If the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value. Consequences: Exposure period: Platform: Languages: C, C++, Fortran, Assembly Operating platforms: All Integer overflows are for the most part only problematic in that they lead to issues of availability. Common instances of this can be found when primitives subject to overflow are used as a loop index variable. In some situations, however, it is possible that an integer overflow may lead to an exploitable buffer overflow condition. In these circumstances, it may be possible f or the attacker to control the size of the buffer as well as the execution of the program. Recently, a number of integer overflow -based, bufferoverflow conditions have surfaced in prominent software packages. Due to this fact, the relatively difficult to exploit condition is now more well known and therefore more likely to be attacked. The best strategy for mitigation includes: a multi-level strategy including the strict definition of proper behavior frequent sanity checks; preferably at the object level; a ...
Purchase document to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.
Studypool
4.7
Indeed
4.5
Sitejabber
4.4