Buffer%20Overflow - PowerPoint PPT Presentation

About This Presentation
Title:

Buffer%20Overflow

Description:

Buffer Overflow By: John Quach and Napoleon N. Valdez What is a buffer? A memory space allocated for used during execution. Frame of function void function(int a, int ... – PowerPoint PPT presentation

Number of Views:95
Avg rating:3.0/5.0
Slides: 13
Provided by: John4557
Learn more at: http://www.cs.sjsu.edu
Category:

less

Transcript and Presenter's Notes

Title: Buffer%20Overflow


1
Buffer Overflow
  • By John Quach and
  • Napoleon N. Valdez

2
Buffer Overflow Basics
  • Allocate more data into a program than it was
    designed to support
  • Data that overflow to another region of the
    memory could be fatal
  • No outbound checking in C/C/Fortran

3
What is a buffer?
  • A memory space allocated for used during
    execution. Frame of function
  • void function(int a, int b)
  • char buffer15
  • void main()
  • function(1,2)

b
a
ret
SFP
buffer1
4
Simple Buffer Overflow Example
  • Show example

Static Variables
ret
B
C
D
E
SFP
A
A
A
A
buffer1
A
A
A
A
A
A
A
A
5
What happened?
  • function is called and parameter
    AAAAAAAAAAAABCDE? was passed
  • Since strcpy() does not check strings length,
    the function call caused a the buffer to overflow

6
Why is BO so dangerous?
  • Buffer can grow towards return address
  • Malicious code could be executed at the new
    address

7
Example
  • Exploit a program to execute a malicious program

DEEEEEEEEEEEE EEEE FFFF FFFF FFFF FFFF
F0123456789AB CDEF 0123 4567 89AB CDEF
buffer sfp ret a b
c MALICIOUSPROGRAM0xDF0x010x020x03
____________________
8
Buffer Overflow Exploit Example
  • Analyst crackme named weird.exe
  • Run the program and guess the serial
  • Find the correct serial using buffer overflow

9
Past BO exploits
  • Morris Internet worm
  • Code Red worm 2001
  • Blaster worm 2003
  • Internet Information Server (IIS)
  • Many more

10
How to Prevent Buffer Overflow
  • Always check bounds
  • Avoid scanf() and other dangerous library
    function call
  • Use strncpy instead
  • Automatic source code checking www.polyspace.com
    (Linux only)
  • Compiler add-ons www.immunix.org

11
Conclusion
  • Buffer Overflow is simply manipulating memory to
    gain control of a program
  • Buffer Overflow is hard to successfully execute
  • Hard to fix

12
Reference
  • Chuvakin, Anton and Peikari, Cyrus. Security
    Warrior. Reilly Associates Inc, 2004. pp.161-175
  • One, Aleph, "Smashing The Stack For Fun And
    Profit," Phrack,  Vol 7, Issue 49, File 14 of 16
Write a Comment
User Comments (0)
About PowerShow.com