An Evaluation of XML Associated Vulnerabilities in the Xerces-C++ Parser

Loading...
Thumbnail Image

Journal Title

Journal ISSN

Volume Title

Publisher

Access

Embargo end date

Citation

Abstract

One of the key concerns to the adoption of XML as the de facto standard for information representation is security. This has clear concerns for the continued success ofWeb Services as many elements of Web Services are XML based. XML parsers are present in all XML based applications and therefore any security vulnerability discovered in a parser is a serious threat to all applications of which it is a component. This thesis concerns itself with the analysis of the Xerces-C++ (Xerces) parser. It deals explicitly with vulnerabilities that could be exploited by an attacker, for uses such as crashing or gaining privileges on applications that incorporate Xerces. Xerces was chosen as it is open source, is widely available and is written in a non-typesafe language, i.e. C++. Using a static analysis tool, ITS4, two separate buffer overflows were discovered. The first buffer overflow, a heap based overflow, was caused by the use of the insecure C function strcat()and could be effected by the use of the schemaLocation attribute in an XML document or schema. The second buffer overflow, a stack based overflow, was caused by the use of the insecure C function strcpy() and could be effected using Xerces error messages location setting. The same method which caused the first overflow in Xerces, was then tested on two applications which incorporated Xerces as a component. The two applications were Berkeley DB XML and Xalan-C++. Both applications crashed, suffering the same buffer overflows as was observed in Xerces. The results showed that there are indeed vulnerabilities in Xerces, which can be used to cause buffer overflows in and crash applications that use Xerces as a parser. Unless addressed these kinds of vulnerabilities could have serious repercussions for the future of XML and XML based applications.

Description

Endorsement

Review

Supplemented By

Referenced By

Type of material: Masters (Taught)