STIGQter STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 4 Release: 9 Benchmark Date: 25 Jan 2019: The application must not be vulnerable to overflow attacks.

DISA Rule

SV-84899r1_rule

Vulnerability Number

V-70277

Group Title

SRG-APP-000450

Rule Version

APSC-DV-002590

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Design the application to use a language or compiler that performs automatic bounds checking.

Use an abstraction library to abstract away risky APIs.

Use compiler-based canary mechanisms such as StackGuard, ProPolice, and the Microsoft Visual Studio/GS flag.

Use OS-level preventative functionality and control user input validation.

Patch applications when overflows are identified in vendor products.

Check Contents

Review the application documentation and architecture.

Interview the application admin and identify the most recent code testing and analysis that has been conducted.

Review the test results; verify configuration of analysis tools are set to check for the existence of overflows. This includes but is not limited to buffer overflows, stack overflows, heap overflows, integer overflows and format string overflows.

If overflows are identified in the test results, verify the latest test results are being used, if not, ensure remediation has been completed.

If the test results show overflows exist and no remediation evidence is presented, or if test results are not available, this is a finding.

Vulnerability Number

V-70277

Documentable

False

Rule Version

APSC-DV-002590

Severity Override Guidance

Review the application documentation and architecture.

Interview the application admin and identify the most recent code testing and analysis that has been conducted.

Review the test results; verify configuration of analysis tools are set to check for the existence of overflows. This includes but is not limited to buffer overflows, stack overflows, heap overflows, integer overflows and format string overflows.

If overflows are identified in the test results, verify the latest test results are being used, if not, ensure remediation has been completed.

If the test results show overflows exist and no remediation evidence is presented, or if test results are not available, this is a finding.

Check Content Reference

M

Target Key

3009

Comments