Ability To Detect When Exploits Try To Deliver Payload And Sbox Payload [M1276]

Citizen_K · September 27, 2014, 11:47pm

CIS has buffer overflow protection. it often gets forgotten as the focus of development is not with other aspects of the suite.

Melih post:1:

What is a Buffer Overflow attack?

…excerpt from Buffer overflow - Wikipedia
"
In computer security and programming, a buffer overflow, or buffer overrun, is a programming error which may result in a memory access exception and program termination, or in the event of the user being malicious, a possible breach of system security.

A buffer overflow is an anomalous condition where a process attempts to store data beyond the boundaries of a fixed-length buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include other buffers, variables and program flow data and may cause a process to crash or produce incorrect results. They can be triggered by inputs specifically designed to execute malicious code or to make the program operate in an unintended way. As such, buffer overflows cause many software vulnerabilities and form the basis of many exploits. Sufficient bounds checking by either the programmer or the compiler can prevent buffer overflows."

Features :

Detection of Buffer Overflows which occur in the STACK memory,

Detection of Buffer Overflows which occur in the HEAP memory,

Detection of ret2libc attacks,

Full 32 bit and 64 bit Support,

Melih

From what I remember is that these three are the most common ones. Getting other buffer overflows covered is technically very challenging.

Like Chrion I would also be interested to learn about exploits that are able to bypass CIS.