Buffer Overflows – Lesson 14

Example of poor programming/errors
• Buffer Overflows
  • result of poor programming practice
  • use of functions such as gets and strcpy
  • these don’t check input for boundaries
  • may allow individual to gain root or admin access
• Easy to do in any programming language… what is the real problem?

What is a buffer overflow?
• “A buffer overflow attack is when an attacker tries to store too much information in an undersized receptacle.”
• “A common implementation is when a user of the program gives the program more data than the developers of the program allocated to store it.”

Exploits
• Buffer Overflows
  • fingerd, statd, talkd, …
  • result of poor programming practice
• Shell Escapes
  • special character in input string causes escape to shell
Buffer Overflow Example (the slide's deliberately vulnerable program; the overflow in strcpy is intentional)

    #include <stdio.h>
    #include <string.h>

    void func(char *p)
    {
        char stack_temp[20];
        /* No length check: a string longer than 19 characters plus the
         * terminating NUL overruns stack_temp and the data past it on the
         * stack (including the saved return address). */
        strcpy(stack_temp, p);
        /* Print with an explicit format string; the slide's printf(stack_temp)
         * would also be a format-string bug, which is not the point here. */
        printf("%s\n", stack_temp);
    }

    int main(int argc, char *argv[])
    {
        (void)argc; (void)argv;
        func("I AM MORE THAN TWENTY CHARACTERS LONG!");
        return 0;
    }
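The hardened counterpart below is an added example, not code from the slides: it replaces the unchecked strcpy with a length check before any copy, so the same 20-byte stack buffer can never be overrun, and it includes a small length-sweep loop of the kind a proactive test of a key application would use to confirm the fix. The names safe_func, roundtrip_ok, first_rejected_length and the copy_status codes are assumptions made for this example; the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define BUF_SIZE 20

/* Result codes for the bounded copy (assumed names, not from the slides). */
enum copy_status { COPY_OK = 0, COPY_TOO_LONG = 1 };

/* Hardened counterpart to the slide's func(): measure first, then copy only
 * when the string and its terminating NUL fit in the 20-byte stack buffer.
 * On success the buffered copy is written to 'out' (if given). */
enum copy_status safe_func(const char *p, char *out, size_t out_len)
{
    char stack_temp[BUF_SIZE];
    size_t n = strlen(p);

    /* Reject anything that would not fit together with its NUL terminator. */
    if (n >= sizeof stack_temp)
        return COPY_TOO_LONG;

    memcpy(stack_temp, p, n + 1);   /* bounded: n + 1 <= sizeof stack_temp */

    if (out != NULL && out_len > 0)
        snprintf(out, out_len, "%s", stack_temp);   /* always NUL-terminates */

    return COPY_OK;
}

/* 1 if 's' is accepted and comes back unchanged, 0 otherwise. */
int roundtrip_ok(const char *s)
{
    char out[64];
    return safe_func(s, out, sizeof out) == COPY_OK && strcmp(out, s) == 0;
}

/* Feed inputs of length 0..max_len (constructed runs of 'A') and return the
 * first length the bounded copy rejects; (size_t)-1 if none is rejected.
 * This is the kind of self-check used to confirm a fix before shipping. */
size_t first_rejected_length(size_t max_len)
{
    char input[256];
    for (size_t len = 0; len <= max_len && len < sizeof input - 1; len++) {
        memset(input, 'A', len);
        input[len] = '\0';
        if (safe_func(input, NULL, 0) == COPY_TOO_LONG)
            return len;
    }
    return (size_t)-1;
}

int main(void)
{
    char out[64];
    const char *ok  = "short string";                            /* constructed */
    const char *bad = "I AM MORE THAN TWENTY CHARACTERS LONG!";  /* the slide's input */
    const char *res;

    res = (safe_func(ok, out, sizeof out) == COPY_OK) ? out : "rejected";
    printf("%-40s -> %s\n", ok, res);
    res = (safe_func(bad, out, sizeof out) == COPY_OK) ? out : "rejected";
    printf("%-40s -> %s\n", bad, res);
    printf("first rejected length: %zu\n", first_rejected_length(64));
    return 0;
}
```

The check is on the length of the source, not on the destination after the fact: by the time a copy has run past the buffer the damage is already done, so a bounded copy must decide before writing. The sweep should report 20, since a 19-character string plus its NUL is the longest input that fits.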
Buffer Overflows (stack diagrams)
[Figure 1: Process Stack during a normal call – labels: Program, Execute A, Subroutine A, Return Addr, Data, Read Variable, Return]
[Figure 2: Process Stack after the overflow – labels as above plus New Addr replacing Return Addr, and Another Routine as the new return target]
[Figure 3: Process Stack after the overflow – labels as above plus New Addr and Machine Code placed on the stack as the new return target]
Types of buffer overflow attacks
• Denial of service – buffer overflow will cause the system to “crash”
  • Since important information needed by the OS to continue running can be located on the stack, by overflowing with enough data you can wipe out this important information.
• Execution of code that the attacker chooses to run.
  • Overwrite just the right amount of information to overflow the stack and rewrite the return address pointer.
  • Do this right and you can point to your own code.

Buffer Overflows (cont)
• “A key point to remember is that the attacker’s code will run at whatever privileges the software that is exploited is running at.”
• “In most cases, an attacker tries to exploit programs that are running as a privileged account such as root or domain administrator.”

Protection against buffer overflow attacks
• Close the port or service
  • Best way to protect yourself is to remove software that is subject to an overflow.
  • If this software is installed by default, close ports and remove service.
  • Rule of thumb: “Know what is installed on your systems and have the least amount of services running and ports open that are required for the system to operate in a specific environment.”

Protection
• Apply the vendor’s patch or install the latest version of the software.
  • Usually shortly after a buffer overflow vulnerability is discovered the vendor will develop and release a patch.
  • This fixes the problem as opposed to just minimizing exposure.

Protection
• Filter specific traffic at the firewall.
  • Block the traffic of the vulnerable software at the firewall.
  • This will restrict the ability of external attackers to exploit the vulnerability.
  • Does not prevent an insider from exploiting the vulnerability, just limits the exposure.

Prevention
• Test key applications.
  • Take a proactive approach and attempt to find buffer overflow exploits yourself.
  • Not practical for all applications, but for key ones it is.
Prevention
• Run Software at the Least Privilege Required
  • Often system administrators will install and configure applications as root.
  • Quick and easy to ensure they have access to what they need.
  • Also an easy way to guarantee the system is vulnerable if a buffer overflow exploit is discovered in one of the applications, since it will execute code as root.
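As an added example, not from the slides, the POSIX C function below shows what "run at the least privilege required" looks like inside a program: a service that must start as root (for example to bind a privileged port) switches to a dedicated low-privilege uid/gid before it touches any input, and then verifies that the switch took effect and cannot be reversed, so that an overflow in its input handling executes code only as that unprivileged user. The names drop_privileges and the drop_status codes are assumptions for this example; the demo in main() "drops" to the caller's own ids so it runs for any user.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Outcome codes for the drop (assumed names for this example). */
enum drop_status {
    DROP_OK = 0,
    DROP_SETGID_FAILED,
    DROP_SETUID_FAILED,
    DROP_NOT_EFFECTIVE,
    DROP_REVERSIBLE
};

/* Permanently switch the process to the given uid/gid and prove it.
 * The gid is set first: once the uid is unprivileged, setgid() would fail.
 * A real daemon also clears supplementary groups with setgroups(2) while it
 * is still root; that call is left out here so the example builds under
 * strict feature-test macros. */
enum drop_status drop_privileges(uid_t uid, gid_t gid)
{
    if (setgid(gid) != 0)
        return DROP_SETGID_FAILED;
    if (setuid(uid) != 0)
        return DROP_SETUID_FAILED;

    /* Check real and effective ids, not just one of them. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return DROP_NOT_EFFECTIVE;

    /* If the target is unprivileged, climbing back to root must fail; this
     * probe also catches a lingering saved set-user-id of 0. */
    if (uid != 0 && setuid(0) == 0)
        return DROP_REVERSIBLE;

    return DROP_OK;
}

int main(void)
{
    /* Demo: "drop" to the current ids so the program runs for any user.
     * A real service would pass the uid/gid of a dedicated service account,
     * looked up with getpwnam(3), and only then start reading input. */
    enum drop_status st = drop_privileges(getuid(), getgid());
    printf("drop_privileges -> %d (0 means OK); now uid=%ld gid=%ld\n",
           (int)st, (long)getuid(), (long)getgid());
    return st == DROP_OK ? 0 : 1;
}
```

The order matters: everything that needs root (binding the port, opening a log file) happens before the drop, and every byte of untrusted input is parsed after it. A program that checks only geteuid() after the switch can be fooled by a saved set-user-id that still allows setuid(0), which is why the function probes for that explicitly.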