Netinfo Security ›› 2017, Vol. 17 ›› Issue (5): 14-21.doi: 10.3969/j.issn.1671-1122.2017.05.003

• Original Article •

Automatic Exploitation of Integer Overflow Vulnerabilities in Binary Programs

Jianshan PENG 1,2, Qi XI 1,2, Qingxian WANG 1,2

  1. PLA Information Engineering University, Zhengzhou Henan 450002, China
  2. State Key Laboratory of Mathematics Engineering and Advanced Computing, Zhengzhou Henan 450002, China
  • Received: 2017-04-15  Online: 2017-05-20  Published: 2020-05-12

Abstract:

Integer overflow vulnerabilities have become the second largest threat to software security. Existing tools for mining integer overflow vulnerabilities do not support automatic exploitation, and existing automatic exploitation tools do not support integer overflow vulnerabilities. To fill this gap, we propose an automatic exploitation method for integer overflow vulnerabilities in binary programs. Aiming at the valuable IO2BO (integer overflow to buffer overflow) class of integer overflow vulnerabilities, the method first tries to avoid a crash during the buffer overflow, since a crash would make hijacking the control flow fail. Second, it builds a suspicious taint set to reduce the scope of taints. Third, it collects the loop conditions of memory reads and writes by taint analysis and symbolic execution. Lastly, it overwrites critical data in the stack and heap by controlling the number of loop iterations and generates new samples for testing by solving the constraints. The proposed method transforms the automatic exploitation of IO2BO vulnerabilities into that of traditional buffer overflow vulnerabilities. Test results show that the method works well for typical IO2BO vulnerabilities and can generate new samples that hijack the control flow of the tested programs.
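The IO2BO pattern the abstract targets, as an added example that is not from the paper: a constructed 32-bit record count whose byte size wraps in 32-bit arithmetic, so the allocation is tiny while the copy loop would still be bounded by the unwrapped count, shown beside the checked sizing a defender would use. The record layout, message format, sample inputs and function names are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed record layout: 8 bytes per record. */
typedef struct { uint32_t id; uint32_t value; } record_t;

/* Constructed input: 4-byte little-endian record count, then the records.
 * count = 0x20000001, so count * 8 = 0x100000008 wraps to 8 in uint32_t,
 * yet only one record (8 bytes) actually follows the header. */
static const uint8_t CRAFTED_INPUT[12] = {
    0x01, 0x00, 0x00, 0x20, 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB };
/* Constructed benign input: count = 1 followed by one record. */
static const uint8_t BENIGN_INPUT[12] = {
    0x01, 0x00, 0x00, 0x00, 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB };

static uint32_t header_count(const uint8_t *in) {
    return (uint32_t)in[0] | (uint32_t)in[1] << 8 |
           (uint32_t)in[2] << 16 | (uint32_t)in[3] << 24;
}

/* Vulnerable sizing (IO2BO): the allocation size is computed in 32 bits and
 * wraps, while a copy loop driven by the unwrapped count would write far past
 * it. Only the size arithmetic is reproduced here; no buffer is written. */
uint32_t vulnerable_alloc_bytes(const uint8_t *in) {
    return header_count(in) * (uint32_t)sizeof(record_t);  /* 8 for CRAFTED_INPUT */
}

/* Hardened sizing: reject a count whose product would wrap, and reject a
 * count that claims more records than the input actually carries.
 * Returns the byte size to allocate, or -1 if the input is rejected. */
long long safe_alloc_bytes(const uint8_t *in, size_t in_len) {
    if (in_len < 4) return -1;
    uint32_t count = header_count(in);
    if (count > UINT32_MAX / sizeof(record_t)) return -1;   /* product would wrap */
    unsigned long long bytes = (unsigned long long)count * sizeof(record_t);
    if (bytes > in_len - 4) return -1;                       /* more records than data */
    return (long long)bytes;
}

int main(void) {
    printf("vulnerable: count=%#x alloc=%u bytes\n",
           header_count(CRAFTED_INPUT), vulnerable_alloc_bytes(CRAFTED_INPUT));
    printf("hardened: crafted -> %lld, benign -> %lld\n",
           safe_alloc_bytes(CRAFTED_INPUT, sizeof CRAFTED_INPUT),
           safe_alloc_bytes(BENIGN_INPUT, sizeof BENIGN_INPUT));
    return 0;
}
```

The second check in safe_alloc_bytes is the one that matters in practice: bounding the count by the bytes actually present removes the loop-count control the abstract describes, independent of the integer width used for the multiplication.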

Key words: vulnerability exploitation, symbolic execution, taint analysis, integer overflow, buffer overflow
