Tuesday, 16 August 2011

Buffer Overflow

Buffer Overflow

A buffer overflow occurs when a computer application attempts to assign data in a data structure past the point that the structure is designed to store information. In the classic case, a buffer is designed as a sequential section of memory assigned to contain the information. The type of information can vary from an array of integers to objects. When information is stored outside of the allocated block of memory, the program can be crashed or computer malware can be executed.

Why Are Buffer Overflows Dangerous?

Buffer overflows are best known from the software security vulnerabilities they create. They are often used to attack new web and stand-alone applications as well as legacy programs. Although it is difficult to discover a buffer overflow vulnerability, a number of attackers have identified buffer overflow vulnerabilities in a variety of products and web resources. Once identified, the vulnerability can be used to execute computer malware on targeted computers putting end-user’s and companies at-risk of attack.
How Does a Buffer Overflow Work?

In the classic exploit, the person attacking the program or system will send information to the targeted application that is stored in an undersized buffer. The information on the call stack will be overwritten to include the return pointer of the function or method. The information sent by the attacker will set the value of the return point to transfer control to the computer malware or other malicious code stored in the attacking information. At the program architecture level, a buffer overflow vulnerability normally occurs when an attacker successfully finds a violation of the programming assumptions not caught by error checking or by faulty memory manipulation.
What Are Other Types of Buffer Overflows?

There are a number of other buffer overflow attacks that have emerged in addition to the classic case. These include the format string attack, off-by-one error, and the heap buffer overflow. Commonalities between the various types include programming code that relies on external data to control application behavior, complex programming architecture, and dependence upon properties of data enforced outside the immediate scope of the programming code.
How Can Buffer Overflow Attacks Be Used Against Web Applications?

Similar to traditional buffer overflow attacks, web applications are also susceptible to the attack. In the web app case, an attacker will send specifically designed data inputs to the app to cause it to execute arbitrary code in order to take over the web or application server. The attack can also be used to target application server products and can pose significant risk to the users of the product. Common web vulnerabilities to the attack arise when the apps rely on libraries to conduct work and in custom code that does not undergo significant error testing.
How Do You Guard Against Buffer Overflow Attacks?

The primary means of defense against a buffer overflow attack is to keep up-to-date on all computer application and web product updates. Failure to apply the most recent patches to products is one of the most common sources of vulnerabilities to buffer overflow attacks. If running a website, making use of commonly available scanners to analyze the site to identify flaws in custom or commercially acquired web products is another proactive step that can be taken to identify the vulnerability prior to exploitation by rogue attackers.

Share This

| More

Related Posts by categories


Post a Comment