AttackFlow Findings Dictionary


Insecure Native Code Interaction

Attackers can exploit low-level vulnerabilities such as buffer overflows by leveraging interaction through native code

Severity

Low

Fix Cost

Medium

Trust Level

Medium

Functions implemented in unmanaged DLLs can be called from managed code in the .NET environment. This is great flexibility and a necessity, since there is a huge body of legacy functions that should be reused, and middleware code still uses unmanaged technology.

The code below is an example of such a call:

using System;
using System.Runtime.InteropServices;

class Program
{
    // Imports the legacy unmanaged routine; the string is marshalled as a NUL-terminated ANSI buffer
    [DllImport("Legacy.dll", CallingConvention = CallingConvention.Cdecl)]
    public static extern bool Transact([MarshalAs(UnmanagedType.LPStr)] string path);

    static void Main(string[] args)
    {
        // read user input as path and pass it straight to native code, unchecked
        string path = args.Length > 0 ? args[0] : string.Empty;
        bool ret = Transact(path);
        Console.WriteLine(ret);
    }
}

If the imported DLL has a buffer overflow vulnerability, a dreaded class of vulnerability that leads to total system compromise and has been used by attackers for decades, then the input path fed into it may be enough to exploit it.

Functions implemented in natively written code can be called from within the Java environment through JNI. This is great flexibility and a necessity, since there is a huge body of legacy functions that should be reused, and middleware code still uses unmanaged technology.

The code below is an example of such a call:

public class InteractNative {
    // implemented in the native library NativeImpl (JNI)
    public native void run(String path, int num);

    static {
        System.loadLibrary("NativeImpl");
    }

    public static void main(String[] args) {
        InteractNative interactNative = new InteractNative();
        // command-line input is passed straight to native code, unchecked
        interactNative.run(args[0], Integer.parseInt(args[1]));
    }
}

If the imported native library has a buffer overflow vulnerability, a dreaded class of vulnerability that leads to total system compromise and has been used by attackers for decades, then the first argument, the input path fed into it, may be enough to exploit it.
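As an added example (not code from this page or from AttackFlow), here is the native side of the boundary in C: a hypothetical hardened Transact() of the kind the C# code above imports, which checks the untrusted path against its fixed buffer before copying instead of trusting the managed caller. The buffer size is a constructed value; the same length rule applies to the Java run() method's path argument.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Size of the fixed buffer the legacy routine copies the path into
   (a constructed value for this example). */
#define PATH_BUF_SIZE 64

/* Hypothetical hardened Transact(): the managed caller hands over an
   attacker-controlled string, so treat it as untrusted. Reject NULL, reject
   anything that does not fit together with its terminating NUL, and only then
   copy. The unsafe pattern this replaces is strcpy(buf, path) with no check. */
bool Transact(const char *path)
{
    char buf[PATH_BUF_SIZE];

    if (path == NULL) {
        return false;
    }
    /* memchr stops at the first NUL and never looks past PATH_BUF_SIZE bytes,
       so an over-long or unterminated input is detected without overrunning. */
    const char *nul = memchr(path, '\0', PATH_BUF_SIZE);
    if (nul == NULL) {
        return false;           /* would overflow: refuse, do not truncate */
    }
    size_t len = (size_t)(nul - path);
    memcpy(buf, path, len + 1); /* bounded: len + 1 <= PATH_BUF_SIZE */

    /* ... legacy processing of buf would go here ... */
    return true;
}

/* Helper: call Transact() with a path of n repeated characters, so the
   boundary (63 characters fit, 64 do not) can be checked. */
bool transact_repeat(size_t n)
{
    char *p = malloc(n + 1);
    if (p == NULL) {
        return false;
    }
    memset(p, 'A', n);
    p[n] = '\0';
    bool ok = Transact(p);
    free(p);
    return ok;
}

int main(void)
{
    printf("short path: %d\n", Transact("C:\\data\\in.txt")); /* 1 */
    printf("63 chars:   %d\n", transact_repeat(63));           /* 1 */
    printf("64 chars:   %d\n", transact_repeat(64));           /* 0 */
    return 0;
}
```

The managed wrapper should apply the same rule before the call (for example, reject paths whose marshalled byte length is not below the native buffer size), so that over-long input is stopped on both sides of the boundary.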
