Detect Integer Overflow in Web Applications
What is Integer Overflow?
Integer overflow is a bug class as old as programming itself, rooted in how numbers are represented. A language has to decide how each kind of value is stored, and integers are normally stored in a fixed, predefined number of bits. Going down into binary for a moment, imagine you have only 4 bits, so the values run from 0000 (0) to 1111 (15). If a program holds 15 and adds 1 to get 16, the result in binary is 10000. But the storage keeps only the low 4 bits, so the program sees 0000: zero!
In reality the widths are larger (8, 16, 32 or 64 bits), so the numbers needed to trigger the effect are much larger, but the principle is the same. Often the range covers negative numbers as well as positive ones. An unsigned integer that passes its maximum wraps around to zero; a signed integer that passes its maximum wraps around to its most negative value, so a large positive result suddenly becomes a large negative one. The same rollover happens in the other direction when a value drops below the minimum, and it happens on multiplication just as readily as on addition.
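The rollover above at real widths, as an added example in Go (this is not code from the original page). `Wrap4` is the page's 4-bit case done with a mask; `AddUint8` shows an unsigned 8-bit sum wrapping to zero; `AddInt32` shows a signed 32-bit sum wrapping to the most negative value; and `AddInt32Checked` is the usual idiom for detecting the overflow instead of silently accepting it. All function names are chosen here for illustration.

```go
package main

import (
	"fmt"
	"math"
)

// Wrap4 mimics the page's 4-bit example: only the low 4 bits survive,
// so 15 + 1 becomes 0. The mask is the general form of "looking only
// at the last 4 binary digits".
func Wrap4(n uint) uint {
	return n & 0xF
}

// AddUint8 adds two unsigned 8-bit values. Go, like C, Java and C#,
// discards the carry out of the top bit, so 255 + 1 == 0.
func AddUint8(a, b uint8) uint8 {
	return a + b
}

// AddInt32 adds two signed 32-bit values. Overflow wraps to the most
// negative value: math.MaxInt32 + 1 == math.MinInt32.
func AddInt32(a, b int32) int32 {
	return a + b
}

// AddInt32Checked performs the same addition but reports overflow instead
// of silently wrapping. The test works because a wrapped sum always lands
// on the wrong side of the first operand for the sign of the second.
func AddInt32Checked(a, b int32) (int32, bool) {
	sum := a + b
	if (b > 0 && sum < a) || (b < 0 && sum > a) {
		return 0, false
	}
	return sum, true
}

func main() {
	fmt.Println(Wrap4(15 + 1))              // 0
	fmt.Println(AddUint8(255, 1))           // 0
	fmt.Println(AddInt32(math.MaxInt32, 1)) // -2147483648
	_, ok := AddInt32Checked(math.MaxInt32, 1)
	fmt.Println(ok) // false
}
```

The checked variant is what a practitioner reaches for when a value must not wrap: it costs one comparison and turns a silent corruption into an error the caller has to handle.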
Imagine a website that asks a user to enter a payment amount. The attacker knows that the application subtracts the payment from the balance to get the new balance. If that arithmetic is done in a fixed-width integer and the input is not range-checked, the attacker can craft a value that exploits this rollover to end up with a negative balance, in other words a credit, without paying anything!
If the application uses the input integer for other tasks, such as computing the size of a buffer or an offset used to read or write memory, then the overflow can let an attacker execute arbitrary code and fully compromise the system. This is seen less often in web applications than in native operating-system programs. However, if your web application passes user-controlled integer values to a native program or library (an image or file-processing library, for example), that code may be vulnerable to exactly this kind of integer overflow, which can lead to system compromise and should be carefully avoided.
How Does this Impact my Security?
Integer overflows are harder to exploit than some of the other vulnerabilities scanned for on this site. However, they are among the most serious, because they can be used to compromise the entire system or to modify data in unintended ways.
Preventing Integer Overflow
Many web languages are less exposed to integer overflow than C-style languages: Python promotes integers to arbitrary precision, and PHP and JavaScript switch to floating point rather than wrapping a fixed-width value. Others, including Java, C# and Go, still wrap silently on their fixed-width integer types, and any native library your application calls behaves like C. Keeping your runtime and libraries up to date closes known overflow bugs in the platform, but it does nothing for the arithmetic in your own code.
If you cannot rely on the language, or a site scan turns up integer overflow vulnerabilities, then carefully analyze both the user input and the operations applied to it. Defining a maximum and minimum value that make sense for your application is a good start. For payments, you might accept nothing above a million dollars and nothing below zero. Rejecting every other integer at the input boundary prevents overflow on that field; for values derived from inputs (totals, sizes, offsets), do the arithmetic in a wider type or with checked operations and reject any result outside the expected range.
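The payment scenario and the range check above, made concrete as an added example in Go (this is not the page's code nor any real application's). It assumes a hypothetical store account whose credit balance is an int32 in cents and whose order total is quantity times unit price, also computed in int32. `ChargeVulnerable` does the multiplication in int32, so an attacker-chosen quantity wraps the total to a small number; `ChargeSafe` applies the kind of minimum and maximum the text recommends and does the arithmetic in int64 with explicit bounds before narrowing. The sample values (1000 cents of credit, a 1999-cent item, quantity 2148558) are constructed for the example, and `MaxQuantity` is an assumed application limit.

```go
package main

import (
	"errors"
	"fmt"
)

// Account is a hypothetical store account; BalanceCents is credit in cents
// kept in a 32-bit integer (assumption: a legacy 32-bit column).
type Account struct {
	BalanceCents int32
}

var (
	ErrInsufficient = errors.New("insufficient balance")
	ErrInvalid      = errors.New("invalid quantity or price")
)

// ChargeVulnerable is the flawed version: quantity * unitPriceCents is
// computed in int32, which wraps silently, and the wrapped total is then
// compared against and subtracted from the balance. A crafted quantity
// makes the total tiny (or negative, which would *increase* the balance).
func ChargeVulnerable(acct *Account, quantity, unitPriceCents int32) (int32, error) {
	total := quantity * unitPriceCents // wraps modulo 2^32
	if total > acct.BalanceCents {
		return 0, ErrInsufficient
	}
	acct.BalanceCents -= total
	return total, nil
}

// MaxQuantity is an application-level ceiling (assumed here) chosen so that
// quantity*price stays far below the int32 limit for any sane price.
const MaxQuantity = 1000

// ChargeSafe rejects out-of-range inputs first, then multiplies in int64
// (two values below 2^31 cannot overflow 64 bits) and checks the result
// against the balance before narrowing it back to int32.
func ChargeSafe(acct *Account, quantity, unitPriceCents int32) (int32, error) {
	if quantity <= 0 || quantity > MaxQuantity || unitPriceCents <= 0 {
		return 0, ErrInvalid
	}
	total := int64(quantity) * int64(unitPriceCents)
	if total > int64(acct.BalanceCents) {
		return 0, ErrInsufficient
	}
	// total <= BalanceCents <= MaxInt32, so the narrowing cannot wrap.
	acct.BalanceCents -= int32(total)
	return int32(total), nil
}

func main() {
	// Constructed sample: $10.00 of credit, item costs $19.99.
	// 2148558 * 1999 = 4294967442 = 2^32 + 146, so the int32 product is 146.
	acct := &Account{BalanceCents: 1000}
	total, err := ChargeVulnerable(acct, 2148558, 1999)
	fmt.Println(total, err, acct.BalanceCents) // 146 <nil> 854  (2.1M items for $1.46)

	acct = &Account{BalanceCents: 1000}
	total, err = ChargeSafe(acct, 2148558, 1999)
	fmt.Println(total, err, acct.BalanceCents) // 0 invalid quantity or price 1000
}
```

Note that the quantity cap and the wide-type arithmetic are independent layers: the cap catches the absurd order before any math runs, and the int64 check would still catch a wrap if the cap were ever raised or forgotten.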
Additional Resources
Detect Integer Overflow on Your Web Application