SQ18109
Detected Linux executable files that use a deprecated method to store the security cookie, which makes the buffer overrun mitigation less effective.
| priority | CI/CD status | severity | effort | RL level | RL assessment |
|---|---|---|---|---|---|
| | pass | medium | medium | None | hardening: warning. Reason: mitigation effectiveness issues |
About the issue
A stack canary is a special value written onto the stack that allows the operating system to detect a stack overrun and terminate the program when one occurs. Older compilers might generate stack cookies in a way that makes it possible to determine their value, allowing an attacker to render the mitigation ineffective.
How to resolve the issue
- In GCC, you can enable the stack canary with the -fstack-protector-strong or -fstack-protector-all flag; more recent versions of the compiler may also enable it by default.
- Consider upgrading your compiler.
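To confirm after a rebuild that the binary really carries canary checks, the following added example (not ReversingLabs code) parses the ELF symbol tables and looks for a reference to `__stack_chk_fail`, the handler that compiler-inserted canary checks call. It assumes 64-bit little-endian ELF files; the function names `elf_symbol_names` and `has_stack_protector` are hypothetical.

```python
import struct
import sys

SHT_SYMTAB, SHT_DYNSYM = 2, 11
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr, little-endian
SHDR = struct.Struct("<IIQQQQIIQQ")        # Elf64_Shdr
SYM = struct.Struct("<IBBHQQ")             # Elf64_Sym


def elf_symbol_names(data):
    """Return the set of symbol names found in .symtab and .dynsym."""
    if len(data) < EHDR.size or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only 64-bit little-endian ELF is handled")
    hdr = EHDR.unpack_from(data)
    shoff, shentsize, shnum = hdr[6], hdr[11], hdr[12]
    sections = [SHDR.unpack_from(data, shoff + i * shentsize) for i in range(shnum)]
    names = set()
    for _, sh_type, _, _, offset, size, link, _, _, _ in sections:
        if sh_type not in (SHT_SYMTAB, SHT_DYNSYM):
            continue
        str_off = sections[link][4]  # sh_link points at the string table section
        for pos in range(offset, offset + size, SYM.size):
            start = str_off + SYM.unpack_from(data, pos)[0]  # st_name offset
            end = data.index(b"\0", start)
            names.add(data[start:end].decode("ascii", "replace"))
    return names


def has_stack_protector(data):
    """True if the binary references the canary failure handler."""
    return "__stack_chk_fail" in elf_symbol_names(data)


if __name__ == "__main__":
    # Usage: python check_canary.py ./build/app ./build/libfoo.so
    for path in sys.argv[1:]:
        try:
            with open(path, "rb") as fh:
                found = has_stack_protector(fh.read())
            status = "canary checks present" if found else "no __stack_chk_fail reference"
            print(f"{path}: {status}")
        except (OSError, ValueError, struct.error, IndexError) as exc:
            print(f"{path}: skipped ({exc})")
```

This only shows whether canary checks were emitted at all, not which cookie storage method the compiler used. A stripped, statically linked binary has no symbol tables and is reported as having no reference.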
Incidence statistics
ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes.
For every repository, the chart shows the percentage of projects that triggered the software assurance policy. In other words, it shows how many projects were found to have the specific issue described on this page.
The percentages are calculated from the total number of packages analyzed:
- RubyGems: 174K
- NuGet: 189K
- PyPI: 403K
- npm: 2.1M
Recommended reading
- Buffer Overflow Attack (External resource - Imperva)
- Stack Canaries (External resource - CTF101)
- Security Cookies (External resource - Invicti)