Buffer Overflow
Maddikayala, jagadish
CSCI 5931 Web Security
Prof. T. Andrew Yang
Monday Feb. 23
What is Buffer Overflow?
• A buffer is a contiguously allocated chunk of memory, such as an array or a pointer in C
• A buffer overflow occurs when a program or process tries to store more data in a buffer than it was intended to hold
• Buffer overflows are exploited to change the flow of a program in execution
• Buffer overflows are by far the most commonly exploited bug on Linux/Unix operating systems
Process Memory Organization
[Figure: process memory layout, labelled from high address to low address]
Buffer Organization
• Storage of the xyz buffer
• Buffer “xyz” in memory
• Two consecutive buffers, xyz and abcde
[Figure legend: unused byte; 1 word = 4 bytes]
Examples
• char a[5]="yang";
• char b[9]="security";
• strcpy(b, "maddikayala");
• printf("%s\n", a);
[Figure: initial stack organization and stack after the overflow, showing a and b]
Examples
• char a[4]="tom";
• char b[8]="michael";
• strcpy(b, "maddikayala");
• printf("%s\n", a);
[Figure: initial stack organization and stack after the overflow, showing a overwritten and b]
This is the kind of vulnerability used in buffer overflow exploits.
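The two slide examples, reproduced as an added simulation that is not part of the original slides: it models the frame as one byte array so the result is deterministic, and compares the strcpy-style copy with a length-checked one. The layout (b at the low address, a in the next free 4-byte word) is an assumption taken from the slides' drawing, real compilers may place the arrays differently, and the names struct frame, unchecked_copy and checked_copy are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#define WORD 4                       /* the slides' "1 word = 4 bytes" */

/* Simulated frame (assumed layout): b at offset 0, a in the next free word. */
struct frame {
    char   mem[32];
    size_t b_size;                   /* declared size of b */
    size_t a_off;                    /* b_size rounded up to whole words */
};

static void frame_init(struct frame *f, const char *a, const char *b, size_t b_size) {
    memset(f->mem, 0, sizeof f->mem);
    f->b_size = b_size;
    f->a_off  = (b_size + WORD - 1) / WORD * WORD;
    memcpy(f->mem, b, strlen(b) + 1);
    memcpy(f->mem + f->a_off, a, strlen(a) + 1);
}

static const char *frame_a(const struct frame *f) { return f->mem + f->a_off; }

/* What strcpy(b, src) does: copy through the NUL, ignoring b's size. */
static int unchecked_copy(struct frame *f, const char *src) {
    size_t n = strlen(src) + 1;
    if (n > sizeof f->mem) return -1;   /* keep the simulation itself in bounds */
    memcpy(f->mem, src, n);
    return 0;
}

/* Hardened form: refuse any source that does not fit in b's declared size. */
static int checked_copy(struct frame *f, const char *src) {
    size_t n = strlen(src) + 1;
    if (n > f->b_size) return -1;
    memcpy(f->mem, src, n);
    return 0;
}

int main(void) {
    struct frame f;
    frame_init(&f, "yang", "security", 9);
    unchecked_copy(&f, "maddikayala");
    printf("a[5]/b[9], unchecked: a = \"%s\"\n", frame_a(&f));
    frame_init(&f, "tom", "michael", 8);
    unchecked_copy(&f, "maddikayala");
    printf("a[4]/b[8], unchecked: a = \"%s\"\n", frame_a(&f));
    frame_init(&f, "tom", "michael", 8);
    printf("a[4]/b[8], checked: rc = %d, a = \"%s\"\n",
           checked_copy(&f, "maddikayala"), frame_a(&f));
    return 0;
}
```

In the first case the 12 copied bytes land in b and its three unused padding bytes, so a is untouched; in the second b has no padding, so the last four bytes replace a.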
Buffer Overflow Countermeasures
• Write secure code
• Non-executable buffers
• Advanced debugging tools
• Fault injection tools
• Static analysis tools
• StackShield and StackGuard
• Compilers
  • offer warnings on the use of unsafe constructs such as gets() and strcpy()
  • generate code with built-in safeguards that prevent the use of illegal addresses
Thank you Any Questions???