Difference between revisions of "Code Reuse"

From Atomicorp Wiki
Jump to: navigation, search
(Created page with "{{Infobox |header1 = Rule 801378 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = Software vulnerable to code reuse attacks }} = Summary = The vulnerabilit...")

Revision as of 16:26, 1 April 2020

Rule 801378
Status Active
Alert Message Software vulnerable to code reuse attacks

Contents

Summary

The vulnerability scanner has identified that the software in your environment is not adequately hardened and could be easily exploited by a remote attacker.

Description

The weakness that the Atomicorp platform has detected confirms that your system is vulnerable to a dangerous category of code reuse attacks. These attacks would allow an attacker to use the code in the software for an unintended purpose and thus take over the system. From there, they could remotely execute the code of their choice and cause significant damage. Example attacks could be privilege escalation, traversing to other areas of your environment, direct damage to the system causing downtime or data exfiltration...among others.

Even though the software developer for this system may have good security practices in place, using rigorous code scanning, pen testing and the like, vulnerabilities still exist. Upgrading to the latest security patch does not ensure that your systems are hardened to the fullest extent necessary.

Solution

Atomicorp has partnered with RunSafe Security to harden your system from these types of attacks. RunSafe has built a software transformation engine called Alkemist which immunizes code from these types of vulnerabilities. Alkemist can apply protections directly to your system’s code and thereby render code reuse attacks inert. Our scans indicate that this vulnerable system is an ideal candidate for Alkemist protections and can be easily deployed in place of the current system.

To initiate the hardening process, please click here to contact your Atomicorp Representative.

For additional information on RunSafe Alkemist, please visit www.runsafesecurity.com


Troubleshooting

False Positives

None.

Tuning Guidance

None.

Additional Information

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.

Notes

None.

Personal tools