Buffer Overflow Vulnerability

Uploaded by

maheshkuma8141
Copyright
© All Rights Reserved

Buffer Overflow/Overrun Vulnerability

System Flaws
1. Bugs in Operating Systems
Example: Linux operating systems contain more lines of code (LOC), through which an attacker can easily gain entry to system properties.

2. The Human Factor
Example: Visiting web pages that prompt us to click a few unnecessary web links.

Definitions
Buffer:
A buffer is a sequential section of memory allocated to contain anything from a character string to an array of integers.
Buffer Overflow:
When more data is put into a fixed-length buffer than the buffer can handle, the extra data spills into the adjacent storage space.

Variants of Buffer Overflow Attack
1. The Stack
2. Return-to-libc attacks

Effects and Reasons of Buffer Overflow Attacks
Effects:
• Entry point for attackers.
• Disturbs the entire code and makes it behave maliciously.
• Unauthorized access into the system.

Reasons:
• Programming languages used.
• Coding errors.
• Failure to allocate necessary storage space.

Stack In Program
• Function() allocates two buffers, buffer1 and buffer2.
• The stack in the memory area is used to pass parameters from one function to another and to store local variables.

Stack (contd.)
• The values 1, 2, 3 will be pushed onto the stack.
• The return address will point to the next instruction following the function call.
• The previous frame pointer points to main()'s frame pointer.

Stack Processing
• Each integer (1, 2, 3) occupies 4 bytes in memory.
• The return address also occupies 4 bytes.
• The base pointer occupies 4 bytes.
• buffer1 occupies 5 bytes and buffer2 occupies 10 bytes.

Scenario
• What is the output of the following code?
printf("%x", buffer2);       O/P: 966
printf("%x", &buffer2[10]);  O/P: 966 + 10 = 976 (buffer1)
i.e., we are printing an address that lies outside buffer2.

Therefore buffer2[10] = buffer1[0]; this is termed a buffer overflow.


Attacker's Perspective
• Modifying the return address to an arbitrary location.
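
The frame layout and overflow described on these slides, modelled as an added example (not part of the original deck): a byte array stands in for the stack frame, with field offsets assumed from the slide sizes and constructed values for the saved frame pointer and return address. `overflow_mask`, a hypothetical helper, reports which neighbouring fields an unchecked copy into buffer2 changes, and shows that clamping the copy to the buffer size changes none.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Model of function(1,2,3)'s frame, lowest address first, using the sizes on
   the slides. Offsets are assumptions: real compilers add alignment padding. */
enum { OFF_BUF2 = 0, OFF_BUF1 = 10, OFF_FP = 15, OFF_RET = 19, OFF_ARGS = 23, FRAME_SZ = 35 };
enum { HIT_BUF1 = 1, HIT_FP = 2, HIT_RET = 4, HIT_ARGS = 8 };

static void frame_init(uint8_t *f) {
    int32_t args[3] = {1, 2, 3};
    memset(f, 0, FRAME_SZ);
    memcpy(f + OFF_BUF1, "AAAA", 5);              /* buffer1 contents (constructed) */
    memcpy(f + OFF_FP, "\x10\x20\x30\x40", 4);    /* saved frame pointer (constructed) */
    memcpy(f + OFF_RET, "\x50\x60\x70\x80", 4);   /* return address (constructed) */
    memcpy(f + OFF_ARGS, args, sizeof args);      /* the pushed values 1, 2, 3 */
}

/* Copy n input bytes into buffer2 and return a bitmask of the neighbouring
   fields that changed. bounded=0 copies the full length without checking;
   bounded=1 clamps the length to sizeof(buffer2), which is the fix. */
static int overflow_mask(size_t n, int bounded) {
    uint8_t input[FRAME_SZ], before[FRAME_SZ], f[FRAME_SZ];
    size_t limit = bounded ? (size_t)OFF_BUF1 : (size_t)FRAME_SZ; /* cap keeps the model in bounds */
    int hit = 0;
    memset(input, 'B', sizeof input);             /* constructed oversized input */
    frame_init(before);
    frame_init(f);
    if (n > limit) n = limit;
    memcpy(f + OFF_BUF2, input, n);
    if (memcmp(f + OFF_BUF1, before + OFF_BUF1, 5))  hit |= HIT_BUF1;
    if (memcmp(f + OFF_FP, before + OFF_FP, 4))      hit |= HIT_FP;
    if (memcmp(f + OFF_RET, before + OFF_RET, 4))    hit |= HIT_RET;
    if (memcmp(f + OFF_ARGS, before + OFF_ARGS, 12)) hit |= HIT_ARGS;
    return hit;
}

int main(void) {
    size_t lens[] = {10, 11, 16, 20, 24};
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("len %2zu: unbounded=%2d bounded=%d\n", lens[i],
               overflow_mask(lens[i], 0), overflow_mask(lens[i], 1));
    return 0;
}
```

The mask grows with the copy length: byte 11 reaches buffer1 (the slides' buffer2[10] = buffer1[0]), byte 16 the saved frame pointer, and byte 20 the return address.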
