
									                                                                      9/13/10




                         Buffer Overflow



                                         Laurie Williams
                                      williams@csc.ncsu.edu




                  Buffer Overflow Attacks
•  Condition: A buffer overflow attack occurs when
   software permits read or write operations on
   memory located outside of an allocated range.
•  Consequence:
     –  If the attacker can overwrite a pointer's worth of memory
        (usually 32 or 64 bits), he can redirect a function pointer
        to his own malicious code. Even when the attacker can
        only modify a single byte, arbitrary code execution can be
        possible.
     –  An attacker may be able to access/modify sensitive
        information, cause the system to crash, alter the intended
        control flow, or execute arbitrary code.
http://cwe.mitre.org/data/definitions/119.html








                        Basic buffer overflow




  http://upload.wikimedia.org/wikipedia/commons/thumb/d/d0/Buffer_overflow_basicexample.svg/502px-Buffer_overflow_basicexample.svg.png








                Misuse of Runtime Stack




                   Before attack                                   After attack


   http://cis.stvincent.edu/html/tutorials/swd/professional.html




                 Preventing Buffer Overflow
•  Use a language with features that can automatically mitigate or eliminate
   buffer overflows such as:
    –  those that do their own memory management (ex. Java and Perl)
    –  those that provide overflow protection (ex. Ada and C#)
•  Always do bounds checking on arrays.
•  Always do bounds checking on pointer arithmetic.
•  Be wary that a language's interface to native code and libraries may still
   be subject to overflows, even if the language itself is theoretically safe.
•  Run or compile your software using features or extensions that
   automatically provide a protection mechanism that mitigates or
   eliminates buffer overflows.
    –  Example: the Microsoft Visual Studio /GS flag
•  Before you copy to, format, or send input to a buffer, make sure it is big
   enough to hold whatever might be thrown at it.
•  Be paranoid about old code.
•  Check with static analysis tools.
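
Added example (not part of the original slides): the "bounds checking" and "make sure it is big enough" items above, written in C, with an unchecked copy shown for contrast. The function names copy_unchecked, copy_checked and slice are illustrative assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Unchecked form, shown for contrast only: strcpy() keeps writing past
 * the end of dst whenever src is longer than the destination buffer. */
void copy_unchecked(char *dst, const char *src) {
    strcpy(dst, src);
}

/* Checked copy: measure the input first and refuse it if it does not
 * fit, terminator included. dst is left untouched on rejection.
 * Returns 0 on success, -1 on rejection. */
int copy_checked(char *dst, size_t dst_size, const char *src) {
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    size_t need = strlen(src);
    if (need >= dst_size)            /* no room left for the '\0' */
        return -1;
    memcpy(dst, src, need + 1);      /* copy the bytes plus terminator */
    return 0;
}

/* Bounds-checked pointer arithmetic: return a pointer to len bytes at
 * offset off inside buf, or NULL if that range leaves the buffer.
 * The test is written as len > buf_len - off so that off + len is never
 * computed and cannot wrap around. */
const uint8_t *slice(const uint8_t *buf, size_t buf_len,
                     size_t off, size_t len) {
    if (buf == NULL || off > buf_len || len > buf_len - off)
        return NULL;
    return buf + off;
}
```

Callers treat a -1 or NULL result as rejected input rather than truncating silently, so an oversized value is visible at the point where it arrives.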



