Buffer Overflow

BUFFER OVERFLOW (BOF)

In computer security and programming, a buffer overflow, or buffer overrun, is an anomalous state where a process tries to save information beyond the boundaries of a fixed-length buffer. The result is that next memory locations are overwritten by the additional information. The overwritten data can sometimes include other buffers, variants and application flow info, and might lead to unpredictable program behavior, a memory access exception, application termination (a crash), wrong results or particularly if deliberately the result of a malicious user a potential violation of system security.

 

WHY BOF?

Programming languages C and C++ are most frequently related to buffer overflows, since they supply no built in protection against accessing or overwriting data in almost any portion of memory and don’t assess that data written to an array (the built in buffer kind) is within the bounds of that array. A buffer overflow happens when due to inadequate bounds checking, data written into a buffer, corrupts data values in memory addresses adjoining to the allocated buffer. Most generally this happens when duplicating strings of characters from one buffer to another. ¬†Buffer overflows can be activated by inputs specifically made to make the application operate in an unintended manner or to run malicious code. Therefore, many software vulnerabilities are caused by buffer overflows and form the cornerstone of numerous exploits. Buffer overflows can be prevented by sufficient bounds checking the runtime, the compiler or from the programmer.

 

Varieties of Buffer overflows:

In generic kind there are fundamentally two kinds of buffer overflows

## Stack based buffer overflows

##Heap based buffer overflows

 

1. STACK BASED BUFFER OVERFLOWS:

In software, a stack buffer overflow occurs when a program writes on the call stack outside of the planned data structure; typically a fixed length buffer of the program into a memory address. Stack buffer overflow bugs are caused when a program writes more data into a buffer than there was really allocated for that buffer located on the stack. This will often cause this program to crash nearly always results in corruption of next info on the stack, and in instances where the overflow was triggered by error or work incorrectly. This kind of overflow is part of the more general category of programming bugs referred to as buffer overflows. That is one of the more reliable and earliest means of black hats to gain unauthorized access to a pc.

2. HEAP BASED BUFFER OVERFLOWS:

A heap overflow is a sort of buffer overflow occurring in the heap information place. Memory on the heap is dynamically allocated by the application at run time and generally comprises program info.

 

EXPLOITATION:

1. STACK-BASED EXPLOITATION:

A technically inclined and malicious user may use stack-based buffer overflows to control this program in one of several manners:

## By overwriting the return address in a stack frame. As defined by the attacker, usually a user input filled buffer, when the function returns, execution will restart in the return address.

## By overwriting a local variable that is near the buffer in memory on the stack to change the behavior of the program which may benefit the attacker.

## By overwriting a function pointer, or exception handler, which is subsequently executed.

Using a method called Trampolining, if the address of the user-supplied information is unknown, but the location is saved in a register, and then the return address can be overwritten with the address of an opcode that will cause execution to jump to the user provided data. In the event the location is kept in a register R, then a jump to the location containing the opcode for call R, a jump R or similar instruction, will cause execution of user supplied info. Bytes in memory, or the locations of opcodes that were suitable, could be found in the executable or DLLs itself. Nevertheless the address of the opcode commonly cannot contain any null characters and also the locations of those opcodes can differ between versions and programs of the operating system. The Metasploit Project is one such database of suitable opcodes, though only those located in the Windows operating system are recorded.

 

2. HEAP-BASED EXPLOITATION:

A buffer overflow occurring in the pile information area is known as a heap overflow and is exploitable in a different manner to that of stack-based overflows. Memory on the pile is allocated by the application at run time and usually contains software info. Exploitation is performed by corrupting this info in ways that were particular to cause the application to overwrite inner structures. The canonical heap overflow technique overwrites dynamic memory allocation linkage (such as MMC – Malloc Meta data) and uses the resulting pointer exchange to overwrite a program function pointer.

 

COUNTERMEASURES:

Various techniques have been employed to discover or prevent buffer overflows, with various tradeoffs. The most dependable strategy to prevent or avoid buffer overflows will be to make use of automatic protection at the language level. This sort of protection, nevertheless, cannot be applied to legacy code, and often technical, business, or cultural constraints call for a language that is vulnerable.

 

Following are methods or the picks to prevent buffer overflows:

1. Choice of cure programming languages like java, .Net

2. Address space layout randomization

3. Use of safe libraries

4. Executable space protection

5. Parameter sanitization

6. Deep packet inspection

Leave a Reply

Your email address will not be published. Required fields are marked *