Buffer Overflow. What is it?


Posted by Tascien on May 19, 2004, 5:10 pm
Hello,

I saw so many buffer overflow attacks on Windows OS. Up to this time,
I don't understand how buffer overflow works???? Quite often on
Microsoft Security Bulletins they say: 'unchecked buffer overrun could
allow the attacker to take full control of your computer... blah
bleh...'

1. How does it happen?
2. How can such an event allow an attacker to put a program on the
victim computer in order to take full control of the machine?

Can anyone please explain?

Tascien


Posted by Bill Unruh on May 20, 2004, 12:24 am
tascienu@ecoaches.com (Tascien) writes:

]Hello,

]I saw so many buffer overflow attacks on Windows OS. Up to this time,
]I don't understand how buffer overflow works???? Quite often on
]Microsoft Security Bulletins they say: 'unchecked buffer overrun could
]allow the attacker to take full control of your computer... blah
]bleh...'

]1. How does it happen?
]2. How can such an event allow an attacker to put a program on the
]victim computer in order to take full control of the machine?

In all systems in common use (eg C) many of the variables are placed on
the stack. Also placed on the stack are the return addresses of
subroutines. The stack grows from the top down, so the return addresses of
the subroutines are above the memory allocated for variables used in
that subroutine. If you write beyond the end of an array, that data will
be written above the area allocated for that array. If you write enough,
it will be written over the memory cells on the stack containing the
return address. You just make sure that instead of the right return
address you replace it with an address pointing to code you want the
computer to run instead. Thus at the end of the subroutine, the system
will issue a return call, grab that address and jump to it. It is now
your code. Thus your code is now running instead of the original program's
code. If the program was running as root, so is your code, and you can
have it do anything you want. Including erasing the whole disk, or sending
pornography to George Bush.

Why does the system allow writing beyond the end of an array? C does,
unless you use functions which do not. It is just bad programming. You
should always check the length of data you write to an array. But what
many will do is to allocate say 256 bytes for input data, and then
simply copy all the input data given to the routine into that array. If
the input data is 10496 bytes long, it will copy 10496 bytes into a 256
byte array, instead of telling the system to only copy at most 256
bytes, which is what a competent programmer would do.
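An added illustration of the 256-byte example in the reply above (example code, not Bill's or anything from the original thread): the unchecked copy pattern he describes, beside a bounded copy that refuses input that does not fit. The function names and the 10496-byte constructed input are assumptions for the demo.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 256   /* the "256 bytes for input data" from the post */

/* The pattern the post describes: copy whatever arrives into a fixed
 * 256-byte stack array without checking its length. If the input is
 * longer than 255 bytes, strcpy writes past the array, towards the saved
 * return address that sits above it on the stack. Shown for contrast
 * only; nothing here calls it. */
void copy_unchecked(const char *input)
{
    char buf[BUF_SIZE];
    strcpy(buf, input);           /* no bound: this is the bug */
    printf("%zu bytes stored\n", strlen(buf));
}

/* Hardened form: refuse input that does not fit (including the
 * terminating NUL) and never write more than dst_size bytes.
 * Returns 0 on success, -1 if the input was too long for the buffer. */
int copy_checked(char *dst, size_t dst_size, const char *input)
{
    size_t len = strlen(input);
    if (dst_size == 0 || len >= dst_size)
        return -1;                /* would overrun: reject it */
    memcpy(dst, input, len + 1);  /* len bytes plus the NUL */
    return 0;
}

/* Same 256-byte stack buffer as in the post, but via the checked copy. */
int store_input(const char *input)
{
    char buf[BUF_SIZE];
    return copy_checked(buf, sizeof buf, input);
}

int main(void)
{
    /* Constructed oversized input: 10496 bytes of 'A', as in the post. */
    static char big[10496 + 1];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';

    printf("short input:      %d\n", store_input("hello"));  /* 0  */
    printf("10496-byte input: %d\n", store_input(big));      /* -1 */
    return 0;
}
```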


