HEY GUYS DO YOU KNOW ABOUT BUFFER OVERFLOW!!!!!!!!!!

WHAT IS BUFFER OVERFLOW?
A buffer overflow occurs when a program or process attempts to write more data to a fixed-length block of memory, or buffer, than the buffer is allocated to hold. Since buffers are created to contain a defined amount of data, the extra data can overwrite data values in memory addresses adjacent to the destination buffer unless the program includes sufficient bounds checking to flag or discard data when too much is sent to a memory buffer.

Exploiting a buffer overflow allows an attacker to control or crash the process or to modify its internal variables. Buffer overflow always ranks high in the Common Weakness Enumeration/SANS Top 25 Most Dangerous Software Errors and is specified as CWE-120 under the Common Weakness Enumeration dictionary of weakness types. Despite being well understood, buffer overflows continue to plague software from vendors both large and small.

A buffer overflow can occur inadvertently, but it can also be caused by a malicious actor sending carefully crafted input to a program that then attempts to store the input in a buffer that isn't large enough for that input. If the excess data is written to the adjacent buffer, it overwrites any data held there. If the original data includes the exploited function's return pointer -- the address to which the process should go next -- an attacker can set the new values to point to an address of his choosing. The attacker usually sets the new values to point to a location where the exploit payload has been positioned. This alters the execution path of the process and effectively transfers control to the attacker's malicious code.

Programming languages like C and C++ are prone to buffer overflow attacks as they have no built-in protection against accessing or overwriting data in any part of their memory and as actors can perform direct memory manipulation with common programming constructs. Modern programming languages like C#, Java and Perl reduce the chances of coding errors creating buffer overflow vulnerabilities, but buffer overflows can exist in any programming environment where direct memory manipulation is allowed, whether through flaws in the program compiler, runtime libraries or features of the language itself.
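To make the missing bounds check concrete, here is an added example (not part of the original post) that shows an unchecked copy changing the variable stored next to a buffer, beside a bounds-checked copy that rejects the same input. The `session` struct, its field names, the function names and the input bytes are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: a fixed-length buffer with a variable right after it. */
struct session {
    char name[8];
    unsigned char authorized;   /* adjacent data, offset 8 */
};

/* Constructed input: 8 filler bytes plus one extra byte (9 > sizeof name). */
static const char INPUT[] = "AAAAAAAA\x01";
#define INPUT_LEN (sizeof INPUT - 1)

/* Models the flaw: len is never compared with sizeof s->name, so the copy
 * runs past name[] into authorized. The clamp to the struct size exists only
 * to keep this demo inside its own object (defined behaviour). */
static void copy_unchecked(struct session *s, const char *src, size_t len) {
    if (len > sizeof *s) len = sizeof *s;
    memcpy((unsigned char *)s, src, len);
}

/* Bounds-checked form: reject input that does not fit and touch nothing. */
static int copy_checked(struct session *s, const char *src, size_t len) {
    if (len >= sizeof s->name) return -1;   /* keep room for the NUL */
    memcpy(s->name, src, len);
    s->name[len] = '\0';
    return 0;
}

/* Returns the adjacent variable after the unchecked copy. */
int after_unchecked(void) {
    struct session s = { "", 0 };
    copy_unchecked(&s, INPUT, INPUT_LEN);
    return s.authorized;
}

/* Returns the adjacent variable after the checked copy; *rc gets the result. */
int after_checked(int *rc) {
    struct session s = { "", 0 };
    *rc = copy_checked(&s, INPUT, INPUT_LEN);
    return s.authorized;
}

int main(void) {
    int rc;
    int unchecked = after_unchecked();
    int checked = after_checked(&rc);
    printf("unchecked: authorized=%d\n", unchecked);
    printf("checked:   authorized=%d rc=%d\n", checked, rc);
    return 0;
}
```

In real code the unchecked version would have no clamp at all, and the write would continue into whatever memory follows the buffer.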

