
Buffer Overflow

Buffer Overflow. By: John Quach and Napoleon N. Valdez. Buffer Overflow Basics: putting more data into a program's buffer than it was designed to hold; data that overflows into another region of memory could be fatal; no bounds checking in C++/C/Fortran. What is a buffer?


Presentation Transcript


  1. Buffer Overflow By: John Quach and Napoleon N. Valdez

  2. Buffer Overflow Basics
     • Putting more data into a program's buffer than it was designed to hold
     • Data that overflows into another region of memory could be fatal
     • No bounds checking in C++/C/Fortran

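  3. What is a buffer?
     • A memory space allocated for use during execution.

     Frame of function:

         void function(int a, int b) {
             char buffer1[5];   /* local buffer, lives in function's stack frame */
         }

         int main(void) {
             function(1, 2);
             return 0;
         }

     Stack frame of function() (top = higher addresses):

         b
         a
         ret
         SFP
         buffer1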

  4. Simple Buffer Overflow Example
     • Show example

     Static Variables

         ret      B C D E
         SFP      A A A A
         buffer1  A A A A A A A A

  5. What happened?
     • function is called and the parameter “AAAAAAAAAAAABCDE?” was passed
     • Since strcpy() does not check the string’s length, the function call caused the buffer to overflow

  6. Why is BO so dangerous?
     • Buffer can grow towards return address
     • Malicious code could be executed at the new address

  7. Example
     • Exploit a program to execute a malicious program

         DEEEEEEEEEEEE  EEEE  FFFF  FFFF  FFFF  FFFF
         F0123456789AB  CDEF  0123  4567  89AB  CDEF
         buffer         sfp   ret   a     b     c
         [MALICIOUSPRO][GRAM][0xDF][0x01][0x02][0x03]
          ^                    |
          |____________________|

  8. Buffer Overflow Exploit Example
     • Analyze the crackme named weird.exe
     • Run the program and guess the serial
     • Find the correct serial using buffer overflow

  9. Past BO exploits
     • Morris Internet worm
     • Code Red worm 2001
     • Blaster worm 2003
     • Internet Information Server (IIS)
     • Many more

  10. How to Prevent Buffer Overflow
     • Always check bounds
     • Avoid scanf() and other dangerous library function calls
     • Use strncpy instead
     • Automatic source code checking: www.polyspace.com (Linux only)
     • Compiler add-ons: www.immunix.org

  11. Conclusion
     • Buffer Overflow is simply manipulating memory to gain control of a program
     • Buffer Overflow is hard to execute successfully
     • Hard to fix

  12. Reference
     • Chuvakin, Anton and Peikari, Cyrus. Security Warrior. O'Reilly & Associates Inc, 2004. pp. 161-175
     • One, Aleph, "Smashing The Stack For Fun And Profit," Phrack, Vol 7, Issue 49, File 14 of 16
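
Added example (not from the original slides): the strcpy() pattern from slides 4 and 5 next to two bounded copies that follow slide 10's "always check bounds" and "use strncpy" advice. The function names, BUF_SIZE and the sample input are assumptions made for illustration; copy_unchecked() is only ever called with input that fits.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 5 /* assumed: same size as buffer1 on slide 3 */

/* Unsafe pattern from slides 4-5: strcpy() copies until the source's NUL
 * byte and never looks at the destination size. Anything longer than
 * BUF_SIZE - 1 characters writes past buffer1 toward SFP and ret. */
size_t copy_unchecked(const char *src) {
    char buffer1[BUF_SIZE];
    strcpy(buffer1, src);
    return strlen(buffer1);
}

/* "Always check bounds": refuse input that does not fit, NUL included.
 * Returns 0 on success, -1 on rejection (dst is left as an empty string). */
int copy_checked(char *dst, size_t dst_size, const char *src) {
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    /* Look for the terminator within the first dst_size bytes only. */
    const char *nul = memchr(src, '\0', dst_size);
    if (nul == NULL) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return 0;
}

/* "Use strncpy instead": strncpy() stops at the limit but does NOT add a
 * terminator when the source fills the buffer, so add it by hand.
 * Returns 1 if the input was truncated, 0 otherwise. */
int copy_truncating(char *dst, size_t dst_size, const char *src) {
    if (dst_size == 0)
        return 1;
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
    return strlen(src) >= dst_size;
}

int main(void) {
    const char *input = "AAAAAAAAAAAABCDE"; /* constructed from slide 5 */
    char buf[BUF_SIZE];
    printf("checked: %d\n", copy_checked(buf, sizeof buf, input));
    printf("truncating: %d\n", copy_truncating(buf, sizeof buf, input));
    printf("buffer now holds \"%s\"\n", buf);
    printf("unchecked, short input only: %zu\n", copy_unchecked("AAAA"));
    return 0;
}
```

Silent truncation can be a bug of its own, so callers should act on the return value of copy_truncating() rather than ignore it.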
