Page 1 of 1
- FreeBooterSite Admin
OS : Windows 10
Arch. : x64 (64-bit)
Anti-Malware : ESET Smart Security
Posts : 2124
Rubies : 837079
Likes : 211
What is Buffer Overflow Attack
Buffer Overflow attack happens when a application writes more data to a memory location than what it can hold, thus overwriting the adjacent memory space, leading to a buffer overflow. This can have a variety of results: it can crash the program, it can cause the data in the buffer to overwrite other data, or it can even overwrite other program data on the system.
However, these types of attacks are normally intentionally crafted exploits where the return pointer is overwritten through buffer overflows to point to the malicious code inserted by the attacker and the execution of the same. The extent of the attack possible is dependent on the context in which the program attacked is running or the privileges under which the program is running.
Two types of Buffer Overflow Attacks can occur:
- Stack Based Buffer Overflows
- Heap Based Buffer Overflows
In software, a stack buffer overflow or stack buffer overrun occurs when a program writes to a memory address on the program's call stack outside of the intended data structure, which is usually a fixed-length buffer. ... Stack buffer overflow can be caused deliberately as part of an attack known as stack smashing. Stack is a Last-In-First-Out method to refer to a memory address space which is used to hold the variables and to pass the arguments to the functions. Stack is a static location. Heap is again a memory address space, but is allocated dynamically by the program at runtime. Both are prone to Buffer Overflow Attacks. In Stack Based Buffer Overflows, the buffer is overwritten by the overflow, which enables the attacker to overwrite the return pointer to point to the malicious code so that the malicious code is executed instead of the originally intended function / code.
A heap overflow is a type of buffer overflow that occurs in the heap data area. Heap overflows are exploitable in a different manner to that of stack-based overflows. Memory on the heap is dynamically allocated by the application at run-time and typically contains program data. The Heap Based Overflows can lead to unknown side effects. In these types of attacks, the program can typically open a command prompt or stop execution of the program. Heap Based Buffer Overflows are common in C and C++ programming languages. These are possible because the objects are loaded onto heap and such objects hold both data as well as the pointers. The data can be made to overflow the pointers, thus overwriting the address of the program statement being executed to the malicious code. Also, the input data can overwrite the neighboring memory locations on buffer overflow.
Both the Stack Based Buffer Overflow Attack as well as the Heap Based Overflow Attacks are not easy and require elaborate study or proper prediction on the part of the attacker. The success for the attacker depends upon the right prediction.
Fortunately, there are a variety of defenses against zero-day attacks, privilege escalation, and buffer overﬂows:
- Applications and users should follow the principle of least privilege to limit the access that they can provide if they are exploited.
- Data execution prevention (DEP) tools can prevent code from being executed when buffer overﬂows place code where it shouldn’t be.
- Memory address space randomization, commonly called address space layout randomization (ASLR) helps by making the base address of executables, libraries, and other processes random, preventing attackers from being able to figure out how much data is required in a buffer overﬂow to put code in specific memory locations.
- Regular patching can help prevent exploits of known vulnerabilities.
Did you find this tutorial helpful? Don’t forget to share your views with us.
Create an account or log in to leave a reply
You need to be a member in order to leave a reply.
Page 1 of 1
Permissions in this forum:You can reply to topics in this forum