Page 10 - Cyber Warnings
library, and executable code. The same exploit found by the source analysis is straightforward
to find in the binary analysis.
Figure 4 shows the warning from using a function known to read data from outside the process,
and Figure 5 shows this data being used in a call to system(x).
The compiler has completely stripped away any obfuscation in the source.
Figure 4: CodeSonar's binary analysis reveals the same vulnerability as the source analysis.
Figure 5: The command injection warning from calling system() with unchecked data read from
a socket. In this case, the vulnerability is obvious due to the compilation process: obfuscation via
multiple macro definitions is removed.
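The macro obfuscation mentioned in the Figure 5 caption, as an added example (not code from the article, CodeSonar, or UnrealIRCd): a small Python check that follows chains of `#define`s to find call sites that end in `system()`, which is the effect preprocessing has before a binary analyzer ever sees the code. The C fragment and its `TRACE_*` macro names are constructed for illustration, and the check resolves macro names only; it does not track where the argument comes from.

```python
import re
# Constructed C fragment (not UnrealIRCd's code): system() behind two macro layers.
SAMPLE = r'''
#define TRACE_BACKEND(x) system(x)
#define TRACE_WRITE(x) TRACE_BACKEND(x)
#define TRACE_NOTE(x) puts(x)
void handle(int fd) {
    char buf[512] = {0};
    read(fd, buf, sizeof buf - 1);
    TRACE_NOTE("packet received");
    TRACE_WRITE(buf);
}
'''
SINKS = {"system", "popen", "execl", "execv"}
DEFINE = re.compile(r'^\s*#\s*define\s+(\w+)(?:\([^)]*\))?\s+(.*)$')
CALL = re.compile(r'\b(\w+)\s*\(')

def parse_macros(source):
    """Map each macro name to the identifiers called in its replacement text."""
    macros = {}
    for line in source.splitlines():
        m = DEFINE.match(line)
        if m:
            macros[m.group(1)] = set(CALL.findall(m.group(2)))
    return macros

def resolve_sink(name, macros, seen=()):
    """Follow macro definitions; return the sink reached, or None."""
    if name in SINKS:
        return name
    if name in seen or name not in macros:
        return None  # cycle, or an ordinary function
    found = (resolve_sink(c, macros, seen + (name,)) for c in sorted(macros[name]))
    return next((s for s in found if s), None)

def find_hidden_sinks(source):
    """Return (line, macro, sink) for each use of a macro that expands to a sink."""
    macros = parse_macros(source)
    hits = []
    for lineno, line in enumerate(source.splitlines(), 1):
        names = [] if DEFINE.match(line) else CALL.findall(line)
        for name in names:
            sink = resolve_sink(name, macros) if name in macros else None
            if sink:
                hits.append((lineno, name, sink))
    return hits

if __name__ == "__main__":
    print(find_hidden_sinks(SAMPLE))
```

Only the `TRACE_WRITE(buf)` call is reported; `TRACE_NOTE`, which expands to `puts()`, is not.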
Advantages of Hybrid Source and Binary Static Analysis
The Unreal IRCD vulnerability is a clear example of how static analysis in general (both source
and binary) can detect such vulnerabilities, and also a great example of how binary analysis can
detect errors that might be obfuscated in source or added maliciously after compilation.
10 Cyber Warnings E-Magazine January 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide