
The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.


Overview

Finding ID: V-6165
Version: APP3590
Rule ID: SV-6165r1_rule
IA Controls: DCSQ-1
Severity: High
Description
Buffer overflow attacks occur when improperly validated input is passed to an application and overwrites memory. Usually, buffer overflow errors stop execution of the application, causing at least a denial of service and possibly a system call to a command shell that gives the attacker access to the underlying operating system.
STIG Date
Application Security and Development STIG, 2014-04-03

Details

Check Text (C-3049r1_chk)
Ask the application representative for code review or scan results from the entire application. This can be provided as results from an automated code review or a vulnerability scanning tool. See section 5.4 of the Application Security and Development STIG for additional details.

If the results are provided from a manual code review, the application representative will need to demonstrate how buffer overflow vulnerabilities and functions vulnerable to buffer overflows are identified during code reviews.

1) If test results are not provided or the application representative cannot demonstrate how manual code reviews are performed to identify buffer overflow vulnerabilities, this is a finding.

Note: For IPv6-capable applications, check existing libraries to ensure they can process the larger IPv6 addresses, to avoid buffer overflows.
Fix Text (F-17110r1_fix)
Modify the application to protect against buffer overflow vulnerabilities.
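An added example in C, not part of the STIG text, illustrating the IPv6 sizing note above: a buffer sized for a dotted-quad IPv4 address (16 bytes) cannot hold a full-length IPv6 address, and bounded formatting with inet_ntop reports the shortfall instead of writing past the buffer. It assumes a POSIX system providing <arpa/inet.h>; the addresses are constructed samples.

```c
/* Added example (not STIG text): sizing textual address buffers for IPv6.
 * Assumes POSIX <arpa/inet.h>; the addresses below are constructed samples. */
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Smallest buffer (including the NUL) that holds any address of 'family':
 * 16 bytes for IPv4 text, 46 bytes for IPv6 text. */
size_t addr_text_len(int family)
{
    return family == AF_INET6 ? INET6_ADDRSTRLEN : INET_ADDRSTRLEN;
}

/* Parse 'text' and write it back into out[outlen] without overrunning it.
 * inet_ntop returns NULL (errno ENOSPC) when outlen is too small, so an
 * undersized buffer becomes a reported error, not a memory overwrite. */
int format_addr(int family, const char *text, char *out, size_t outlen)
{
    union { struct in_addr v4; struct in6_addr v6; } bin;
    if (inet_pton(family, text, &bin) != 1)
        return 0;                       /* not a valid address of 'family' */
    return inet_ntop(family, &bin, out, (socklen_t)outlen) != NULL;
}

/* The failure mode named in the STIG note: an IPv4-sized (16 byte) buffer
 * receiving a full-length IPv6 address. Expected to return 0 (rejected). */
int ipv6_into_ipv4_sized_buffer(void)
{
    char small[INET_ADDRSTRLEN];
    return format_addr(AF_INET6, "2001:db8:85a3::8a2e:370:7334",
                       small, sizeof small);
}

/* Correct sizing: buffer length chosen from the family, then round-tripped. */
int roundtrip_ok(int family, const char *text)
{
    char out[INET6_ADDRSTRLEN];
    return format_addr(family, text, out, addr_text_len(family)) &&
           strcmp(out, text) == 0;
}

int main(void)
{
    printf("IPv6 into 16-byte buffer: %s\n",
           ipv6_into_ipv4_sized_buffer() ? "fits" : "rejected");
    printf("IPv6 roundtrip with a 46-byte buffer: %d\n",
           roundtrip_ok(AF_INET6, "2001:db8:85a3::8a2e:370:7334"));
    return 0;
}
```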