
KIET SCHOOL OF ENGINEERING & TECHNOLOGY

DEPARTMENT OF COMPUTER APPLICATIONS


PRESENTATION ON
Buffer overflow attack: A potential problem and its Implications

SUBMITTED BY
ROLL NO: 1102914016
NAME: Amita
SEMESTER: 6th
SECTION: B

Buffer Overflow Attack


Introduction. Technical description. Technology. Issues. Conclusion.

Buffer Overflow Attack


In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This may result in erratic program behavior, including memory access errors, incorrect results, a crash, or a breach of system security.

Technical Description:

A buffer overflow occurs when data written to a buffer, due to insufficient bounds checking, corrupts data values in memory addresses adjacent to the allocated buffer. Most commonly this occurs when copying strings of characters from one buffer to another.

Exploitation
The general idea is to give servers very large strings that will overflow a buffer. For a server with sloppy code, it's easy to crash the server by overflowing a buffer. It's sometimes possible to actually make the server do whatever you want (instead of crashing).

Technology
The languages it most commonly works with are C and C++. The Java and .NET bytecode environments also require bounds checking on all arrays.

CPU/OS dependency
Building an exploit requires knowledge of the specific CPU and operating system of the target. I'll just talk about x86 and Linux, but the methods work for other CPUs and OSs.

In the following example, a program has defined two data items which are adjacent in memory: an 8-byte-long string buffer, A, and a two-byte integer, B. Initially, A contains nothing but zero bytes, and B contains the number 1979. Characters are one byte wide.
Variable name   Value         Hex value
A               Null string   00 00 00 00 00 00 00 00
B               1979          07 BB

Now, the program attempts to store the null-terminated string "excessive" in the A buffer. By failing to check the length of the string, it overwrites the value of B:

Variable name   Value         Hex value
A               Null string   65 78 63 65 73 73 69 76
B               1979          65 00
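
The A/B layout from the tables above, modelled as a 10-byte array so the overwrite can be observed without relying on undefined behaviour. This is an added example, not part of the original presentation; the function names are made up for illustration, and B is stored high byte first to match the table's 07 BB.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define A_SIZE 8               /* the 8-byte string buffer A */
#define MEM_SIZE (A_SIZE + 2)  /* A followed by the 2-byte integer B */

/* Model of the example's memory: A zeroed, B = 1979 stored as 07 BB. */
static void mem_init(uint8_t *mem) {
    memset(mem, 0, MEM_SIZE);
    mem[A_SIZE] = 0x07; mem[A_SIZE + 1] = 0xBB;
}
/* Read B high byte first, the order the table prints it in. */
static unsigned read_b(const uint8_t *mem) {
    return ((unsigned)mem[A_SIZE] << 8) | mem[A_SIZE + 1];
}
/* Unchecked store, behaving like strcpy(A, src): copies through the NUL
 * and ignores A_SIZE. Inputs must fit MEM_SIZE so the model stays in bounds. */
static void store_unchecked(uint8_t *mem, const char *src) {
    size_t i = 0;
    do { mem[i] = (uint8_t)src[i]; } while (src[i++] != '\0');
}
/* Checked store: reject anything that does not fit in A with its NUL. */
static int store_checked(uint8_t *mem, const char *src) {
    size_t n = strlen(src);
    if (n >= A_SIZE) return -1;   /* too long: leave memory untouched */
    memcpy(mem, src, n + 1);
    return 0;
}
/* Value of B after each kind of store into freshly initialised memory. */
static unsigned b_after_unchecked(const char *src) {
    uint8_t mem[MEM_SIZE];
    mem_init(mem); store_unchecked(mem, src);
    return read_b(mem);
}
static unsigned b_after_checked(const char *src, int *rc) {
    uint8_t mem[MEM_SIZE];
    mem_init(mem); *rc = store_checked(mem, src);
    return read_b(mem);
}

int main(void) {
    int rc;
    unsigned b = b_after_checked("excessive", &rc);
    printf("unchecked: B = %u\n", b_after_unchecked("excessive"));
    printf("checked:   B = %u, rc = %d\n", b, rc);
    return 0;
}
```

The unchecked store leaves bytes 65 00 in B, which read back as 25856; the checked store rejects the string and B stays 1979.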

Issues
The small program should be position-independent: able to run at any memory location. It can't be too large, or we can't fit the program and the new return address on the stack!


Conclusion
Don't use strcpy. Check the return value on all calls to library functions like malloc (as well as all system calls). Don't use multiplication (or addition). Might as well not use subtraction or division either.


Thank You!
