SQ18110
Detected Linux executable files that might ineffectively generate the security cookie value, making the buffer overrun vulnerability mitigation protection less effective.
| priority | CI/CD status | severity | effort | RL level | RL assessment |
|---|---|---|---|---|---|
| | pass | medium | medium | None | hardening: warning. Reason: mitigation effectiveness issues |
About the issue
The stack canary is a special value written onto the stack that allows the operating system to detect and terminate the program if a stack overrun occurs. The user can override the stack canary implementation, which makes it possible for the attacker to reconstruct the canary and render the mitigation ineffective.
How to resolve the issue
- Good practice is to leave the stack canary implementation to the compiler, since modern compilers will take adequate measures to prevent the stack cookie from being trivially determined.
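One way to audit a build for this condition, as an added example that is not ReversingLabs' detection logic: the function below classifies an `nm` symbol listing by whether the GCC/Clang stack-protector symbols `__stack_chk_guard` and `__stack_chk_fail` are imported from libc or defined inside the binary itself. The function names and sample listings are constructed for illustration, and treating a local definition as an override is a heuristic assumption.

```shell
#!/bin/sh
# Added example. Reads an `nm`-format symbol listing on stdin and reports where
# the stack-protector symbols come from:
#   override:<names>  defined inside the binary itself (review the definition)
#   imported          undefined here, resolved from libc at load time
#   none              neither symbol appears in the listing
canary_origin() {
    awk '
        NF >= 2 {
            name = $NF; type = $(NF - 1)
            sub(/@.*/, "", name)                  # drop @GLIBC_x.y version suffix
            if (name != "__stack_chk_guard" && name != "__stack_chk_fail") next
            if (type ~ /^[Uwv]$/) imported = 1    # undefined or weak-undefined
            else if (name == "__stack_chk_fail") fail_def = 1
            else guard_def = 1
        }
        END {
            out = ""
            if (fail_def)  out = out ",__stack_chk_fail"
            if (guard_def) out = out ",__stack_chk_guard"
            if (out != "") print "override:" substr(out, 2)
            else if (imported) print "imported"
            else print "none"
        }'
}

# Hypothetical wrapper for a real file: static and dynamic symbol tables together.
check_binary() {
    { nm "$1"; nm -D "$1"; } 2>/dev/null | canary_origin
}

# Constructed listings (not taken from any real package).
sample_libc() {
    printf '%s\n' '                 U __stack_chk_fail@GLIBC_2.4' \
                  '                 U puts@GLIBC_2.2.5' \
                  '0000000000001139 T main'
}
sample_override() {
    printf '%s\n' '0000000000004010 D __stack_chk_guard' \
                  '0000000000001189 T __stack_chk_fail' \
                  '0000000000001139 T main'
}

echo "libc-provided sample: $(sample_libc | canary_origin)"
echo "self-defined sample:  $(sample_override | canary_origin)"
```

A statically linked binary carries libc's own definitions and will also report `override`, so the result is most meaningful for dynamically linked executables.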
Incidence statistics
ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes.
For every repository, the chart shows the percentage of projects that triggered the software assurance policy. In other words, it shows how many projects were found to have the specific issue described on this page.
The percentages are calculated from the total number of packages analyzed:
- RubyGems: 174K
- NuGet: 189K
- PyPI: 403K
- NPM: 2.1M
Recommended reading
- Stack Canaries (External resource - CTF101)
- Security Cookies (External resource - Invicti)