CAPEC Details
Name Buffer Overflow via Environment Variables
Likelyhood of attack Typical severity
High High
Summary This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
Prerequisites The application uses environment variables. An environment variable exposed to the user is vulnerable to a buffer overflow. The vulnerable environment variable uses untrusted data. Tainted data used in the environment variables is not properly validated. For instance boundary checking is not done before copying the input data to a buffer.
Execution Flow
Step Phase Description Techniques
1 Explore The attacker tries to find an environment variable which can be overwritten for instance by gathering information about the target host (error pages, software's version number, etc.).
2 Experiment The attacker manipulates the environment variable to contain excessive-length content to cause a buffer overflow.
3 Exploit The attacker potentially leverages the buffer overflow to inject maliciously crafted code in an attempt to execute privileged command on the target environment.
Solutions Do not expose environment variable to the user. Do not use untrusted data in your environment variables. Use a language or compiler that performs automatic bounds checking There are tools such as Sharefuzz [REF-2] which is an environment variable fuzzer for Unix that support loading a shared library. You can use Sharefuzz to determine if you are exposing an environment variable vulnerable to buffer overflow.
Related Weaknesses
CWE ID Description
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-99 Improper Control of Resource Identifiers ('Resource Injection')
CWE-118 Incorrect Access of Indexable Resource ('Range Error')
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-680 Integer Overflow to Buffer Overflow
CWE-697 Incorrect Comparison
CWE-733 Compiler Optimization Removal or Modification of Security-critical Code
Related CAPECS
CAPEC ID Description
CAPEC-100 Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries' choice.
Taxonomy: OWASP Attacks
Entry ID Entry Name
Link Buffer Overflow via Environment Variables