On Buffer Overrun Vulnerabilities, Exploits and Attacks

Thursday, April 19, 2012

Fergal Glynn

68b48711426f3b082ab24e5746a66b36

Now and again we present short educational briefings on topics related to Application Security. Last time we discussed Data Breaches. Today I will present a brief overview of Buffer Overflows.

A Buffer overflow is a common software coding mistake. In order to effectively mitigate buffer overflow vulnerabilities, it is important that you first understand what buffer overflows are, what dangers they pose to your applications, and what techniques attackers use to successfully exploit these vulnerabilities.

A buffer is a sequential section of memory allocated to contain anything from a character string to an array of integers. A buffer overflow, or “buffer overrun” occurs when more data is put into a fixed-length buffer than the buffer can handle. Adjacent memory space becomes overwritten and corrupted. When this occurs – bad things happen. Usually system crashes, but also the opportunity for an attacker to run arbitrary code.

Many programming languages are prone to buffer overflow attacks. However, the extent of such attacks varies depending on the language used to write the vulnerable program. For instance, code written in Perl and JavaScript is generally not susceptible to buffer overflows. However, a buffer overflow in a program written in C, C++, Fortran, or Assembly could allow the attacker to fully compromise the targeted system.

Cyber criminals exploit buffer overflow problems. Malicious actors take advantage of this software vulnerability to alter the execution path of the application by overwriting parts of its memory. The malicious extra data may contain code designed to trigger specific actions – in effect sending new instructions to the attacked application that could result in unauthorized access to the system. Hacker techniques that exploit a buffer overflow vulnerability vary per architecture and operating system.

It’s a common mistake in application development today not to allocate large enough buffers or check for overflow problems. C/C++ applications are often targets of buffer overflow attacks. C/C++ applications have no built-in protection to buffer overflows. Developers of C/C++ applications should avoid standard library functions which are not bounds checked, such as gets, scanf and strcpy.

Secure development practices should include regular testing to detect and fix buffer overflows. The most reliable way to avoid or prevent buffer overflows is to use automatic protection at the language level. Another fix is “bounds checking” enforced at run-time, which prevents buffer overrun by automatically checking that data written to a buffer is within acceptable boundaries.

We value your opinion, so please let us know if there are any concepts or topics you would like to hear about from us.

Cross-posted from Veracode

Possibly Related Articles:
13717
Network->General
Information Security
Application Security Vulnerabilities Attacks Exploits Secure Coding Network Security hackers Buffer Overflow Mitigation
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.