Buffer Overflow

 

Introduction

 

The buffer overflow is one of the most common means of exploiting software.  Programming languages such as C and C++ leave memory management to the programmer and perform no automatic bounds checking on buffers; they are considered memory-unsafe (and type-unsafe) languages.  It is therefore easy for code to read or write memory locations it should not have access to.  Buffer overflows can be avoided, but many programmers are unaware of the issue, or of the unsafe library routines that cause it.

 

Stack Overflow

 

The most common type of buffer overflow is the stack overflow.  Stack overflows are usually the result of unsafe string handling in C.  C represents a string as a sequence of characters terminated by a null character '\0', and the standard string routines (strcpy, strcat, sprintf, gets) keep copying until they see that terminator; they never check that the destination buffer is large enough.  If the terminator is missing, or the source string is simply longer than the destination buffer, the copy runs past the end of the buffer.  At best the program crashes; at worst an attacker who controls the input also controls what is written past the buffer, and can inject code of his own choosing and have the program execute it.  Working with a debugger, an attacker can determine the stack layout at the point of the overflow, locate the return address and the address of the buffer, and craft input that corrupts exactly the memory he needs.

 

Simple Stack Overflow Example

 

In the classic 32-bit x86 calling convention, the caller first pushes the function parameters onto the stack, and the CALL instruction then pushes the return address.  The called function's prologue saves the caller's frame pointer (EBP) next and points the frame pointer at the new frame; the frame pointer is used to reference the function parameters (at positive offsets) and the local automatic variables (at negative offsets).  Finally, space for the automatic or local variables, including any local buffers, is reserved below the saved frame pointer.  Since the stack grows towards lower addresses while a buffer is written towards higher addresses, a local buffer sits directly beneath the saved frame pointer and the return address:

  lower addresses                                              higher addresses
  [ local variables / buffer ][ saved frame pointer ][ return address ][ parameters ]

 

If a string longer than the buffer allocated for it is copied into that buffer, the program behaves unpredictably.  The extra bytes run past the end of the buffer on the stack and overwrite whatever lies above it: the remaining automatic variables, the saved frame pointer and the return address, leaving the stack corrupted.  Because the return address is among the data overwritten, an attacker who controls the contents of the string controls where the function returns to, and can thereby change the logical flow of the program.

 

Thus, an attacker can place his own machine code in the overflowing string, so that it is written into the buffer, and overwrite the return address with the address of the buffer.  When the function returns, the attacker's code is executed instead of the caller.  The injected data can reach the program through command-line parameters, environment variables, or any other input the program copies into a fixed-size buffer.  Modern mitigations (stack canaries, non-executable stacks and address-space layout randomisation) make this classic attack considerably harder, but do not fix the underlying bug.
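The following is an added example, not code from the original article.  It models what the two preceding paragraphs (and the string-routine discussion under Stack Overflow) describe: an unchecked strcpy into a 16-byte local buffer that spills into the saved frame pointer and return address, beside a bounded copy that refuses oversized input.  The overflow is simulated on a struct that mirrors a classic 32-bit x86 frame (little-endian), so it runs deterministically without actually smashing the real stack; the real strcpy-based function is included but only called with input that fits.  The frame layout, the caller's EBP and return address (0xbfffd000, 0x08048456) and the buffer address used as the new return address (0xbffff5a0) are assumptions chosen for illustration.

```c
/* Added example (not from the original article): a model of how an
 * unchecked strcpy into a stack buffer overwrites the saved frame
 * pointer and return address, next to a bounded copy that refuses
 * oversized input. The frame layout and the addresses used below are
 * assumptions: a classic 32-bit x86 frame, little-endian, with made-up
 * but plausible values for the caller's EBP and return address. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Model of the callee's stack frame, lowest address first: the local
 * buffer, then the saved frame pointer pushed by the function prologue,
 * then the return address pushed by the CALL instruction. The control
 * data are kept as raw bytes so the result is deterministic on any host. */
struct frame {
    char          buf[BUF_SIZE];
    unsigned char saved_ebp[4];
    unsigned char ret_addr[4];
};

/* Decode 4 bytes the way a 32-bit x86 CPU reads them (little-endian). */
static uint32_t le32(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* The vulnerable pattern itself: strcpy keeps copying until it finds the
 * terminating '\0' in name and never looks at BUF_SIZE. Calling this
 * with strlen(name) >= BUF_SIZE smashes the real stack. */
void vulnerable_greet(const char *name) {
    char buf[BUF_SIZE];
    strcpy(buf, name);
    printf("hello %s\n", buf);
}

/* Simulates strcpy(f.buf, input) on the frame model: bytes are copied
 * through a byte pointer to the whole struct, so the spill into
 * saved_ebp and ret_addr is well defined here, while on a real stack
 * strcpy would do exactly the same damage. Returns the address the
 * function would now return to; *ebp_out receives the frame pointer
 * the caller would get back. */
uint32_t simulate_overflow(const char *input, uint32_t *ebp_out) {
    static const unsigned char caller_ebp[4] = {0x00, 0xd0, 0xff, 0xbf}; /* 0xbfffd000, assumed */
    static const unsigned char caller_ret[4] = {0x56, 0x84, 0x04, 0x08}; /* 0x08048456, assumed */
    struct frame f;
    unsigned char *stack = (unsigned char *)&f;
    size_t room = sizeof f - offsetof(struct frame, buf);
    size_t n = strlen(input);

    memset(f.buf, 0, sizeof f.buf);
    memcpy(f.saved_ebp, caller_ebp, sizeof f.saved_ebp);
    memcpy(f.ret_addr, caller_ret, sizeof f.ret_addr);
    if (n > room)
        n = room;                        /* beyond this the real stack would hit the caller's frame */
    memcpy(stack + offsetof(struct frame, buf), input, n);

    if (ebp_out)
        *ebp_out = le32(f.saved_ebp);
    return le32(f.ret_addr);
}

/* Hardened counterpart: measures the source against the destination
 * size, including room for the terminator, and refuses input that does
 * not fit rather than overflowing or silently truncating.
 * Returns 0 on success and -1 if the input was rejected. */
int safe_copy(char *dst, size_t dst_size, const char *src) {
    size_t n = 0;
    while (n < dst_size && src[n] != '\0')
        n++;
    if (n == dst_size)                   /* no room for the '\0': would have overflowed */
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

int main(void) {
    /* Constructed attack string: 16 bytes fill buf, 4 bytes land on the
     * saved EBP, the next 4 replace the return address with 0xbffff5a0,
     * an assumed address of buf itself (the usual target, so that the
     * function "returns" into the injected code). */
    const char payload[] = "AAAAAAAAAAAAAAAA" "BBBB" "\xa0\xf5\xff\xbf";
    uint32_t ebp;
    uint32_t ret;
    char dst[BUF_SIZE];

    ret = simulate_overflow("short", &ebp);
    printf("in-bounds copy  : ret=0x%08x ebp=0x%08x\n", ret, ebp);
    ret = simulate_overflow(payload, &ebp);
    printf("overflowing copy: ret=0x%08x ebp=0x%08x\n", ret, ebp);

    printf("safe_copy(short)   -> %d\n", safe_copy(dst, sizeof dst, "short"));
    printf("safe_copy(payload) -> %d\n", safe_copy(dst, sizeof dst, payload));
    vulnerable_greet("short");           /* fits; the same call with payload would crash */
    return 0;
}
```

In a real exploit the 16 "A" bytes would be (or be preceded by) the injected machine code and the final four bytes its address on the stack; the model shows only the control-data corruption, which is the part that redirects execution.  The bounded copy rejects rather than truncates because truncation quietly changes the program's data, which is itself a frequent source of bugs.
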

 

Links

 

http://en.wikipedia.org/wiki/Buffer_overflow

http://info.astrian.net/jargon/terms/b/buffer_overflow.html