Technical Description:
A buffer overflow occurs when data written to a buffer, due to insufficient bounds checking, corrupts data values in memory addresses adjacent to the allocated buffer. Most commonly this occurs when copying strings of characters from one buffer to another.
Exploitation
The general idea is to give servers very large strings that will overflow a buffer. For a server with sloppy code it's easy to crash the server by overflowing a buffer. It's sometimes possible to actually make the server do whatever you want (instead of crashing).
Technology
The technologies most commonly affected are C and C++. The Java and .NET bytecode environments, by contrast, require bounds checking on all arrays.
CPU/OS dependency
Building an exploit requires knowledge of the specific CPU and operating system of the target. I'll just talk about x86 and Linux, but the methods work for other CPUs and OSes.
In the following example, a program has defined two data items which are adjacent in memory: an 8-byte-long string buffer, A, and a two-byte integer, B. Initially, A contains nothing but zero bytes, and B contains the number 1979. Characters are one byte wide.
variable name   value         hex value
A               null string   00 00 00 00 00 00 00 00
B               1979          07 BB
Now, the program attempts to store the null-terminated string "excessive" in the A buffer. By failing to check the length of the string, it overwrites the value of B:
variable name   value         hex value
A               null string   65 78 63 65 73 73 69 76
B               1979          65 00
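The two tables above can be reproduced in a few lines of C. The program below is an added example, not code from the original slides: it lays A and B out in one 10-byte array (so the spill from A into B stays well-defined C rather than real out-of-bounds writes), stores B high byte first to match the slide's "07 BB" rendering of 1979, and contrasts an unchecked strcpy-style copy with a copy that checks the length of the input against the size of A first. The function names, the MEM_SIZE guard and the test strings are all constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated 10-byte memory region laid out like the slide's example:
   bytes 0..7 are the 8-byte string buffer A, bytes 8..9 hold the
   two-byte integer B. Keeping both inside one array makes the overflow
   well-defined C for demonstration purposes while still showing how an
   unchecked copy into A spills into B. */
enum { A_SIZE = 8, B_OFFSET = 8, MEM_SIZE = 10 };

/* B is stored high byte first, matching the slide's "07 BB" for 1979. */
static void store_b(unsigned char *mem, uint16_t b)
{
    mem[B_OFFSET]     = (unsigned char)(b >> 8);
    mem[B_OFFSET + 1] = (unsigned char)(b & 0xFF);
}

static uint16_t load_b(const unsigned char *mem)
{
    return (uint16_t)((mem[B_OFFSET] << 8) | mem[B_OFFSET + 1]);
}

static void init_mem(unsigned char *mem)
{
    memset(mem, 0, MEM_SIZE);   /* A starts as all zero bytes */
    store_b(mem, 1979);         /* B starts as 1979 */
}

/* Unchecked copy in the style of strcpy: copies bytes until the terminator,
   never consulting the size of A. The MEM_SIZE limit exists only so this
   demo stays inside its own array; a real strcpy keeps writing past B. */
uint16_t b_after_unchecked_copy(const char *src)
{
    unsigned char mem[MEM_SIZE];
    init_mem(mem);
    for (size_t i = 0; i < MEM_SIZE; i++) {
        mem[i] = (unsigned char)src[i];
        if (src[i] == '\0')
            break;
    }
    return load_b(mem);
}

/* Bounded copy: rejects input that does not fit in A together with its
   terminator, so B can never be touched. Returns 0 on success, -1 when
   the input was rejected (A is then left unchanged). */
int bounded_copy(unsigned char *a, size_t a_size, const char *src)
{
    size_t len = strlen(src);
    if (len >= a_size)          /* need room for len bytes plus the NUL */
        return -1;
    memcpy(a, src, len + 1);
    return 0;
}

uint16_t b_after_bounded_copy(const char *src, int *rc)
{
    unsigned char mem[MEM_SIZE];
    init_mem(mem);
    *rc = bounded_copy(mem, A_SIZE, src);
    return load_b(mem);
}

int main(void)
{
    int rc;
    uint16_t b;
    printf("unchecked \"excessive\": B = %u\n", b_after_unchecked_copy("excessive"));
    printf("unchecked \"exactly8\":  B = %u\n", b_after_unchecked_copy("exactly8"));
    printf("unchecked \"short\":     B = %u\n", b_after_unchecked_copy("short"));
    b = b_after_bounded_copy("excessive", &rc);
    printf("bounded   \"excessive\": B = %u, rc = %d\n", b, rc);
    return 0;
}
```

Note the "exactly8" case: an 8-character string fits the letters into A, but the terminating NUL still lands on B's first byte, which is why the bounded version insists on room for the terminator and not just the characters.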
Issues
The small program should be position-independent, able to run at any memory location. It can't be too large, or we can't fit the program and the new return address on the stack!
Conclusion
Don't use strcpy. Check the return value on all calls to library functions like malloc (as well as all system calls). Don't use multiplication (or addition). Might as well not use subtraction or division either.
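The conclusion's advice on malloc and its jab at arithmetic can be put into practice as shown below. This is an added example, not code from the original slides, and it reads the "don't use multiplication (or addition)" line as a warning about size arithmetic wrapping around: `n * elem_size` silently overflowing in a malloc call produces an allocation far smaller than the code then writes into, which is the same overflow outcome as an unchecked strcpy. The helper names (`checked_mul`, `alloc_array`, `dup_bounded`) are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Compute n * elem_size without silently wrapping. Returns 0 and stores
   the product in *out, or -1 if the product would not fit in a size_t. */
int checked_mul(size_t n, size_t elem_size, size_t *out)
{
    if (elem_size != 0 && n > SIZE_MAX / elem_size)
        return -1;
    *out = n * elem_size;
    return 0;
}

/* Allocate an array of n elements. Refuses overflowed sizes up front and
   returns NULL on allocation failure; the caller must check the result
   rather than dereferencing it blindly. */
void *alloc_array(size_t n, size_t elem_size)
{
    size_t bytes;
    if (checked_mul(n, elem_size, &bytes) != 0)
        return NULL;
    return malloc(bytes ? bytes : 1);   /* avoid malloc(0) ambiguity */
}

/* Copy src into a buffer sized from its actual length (plus terminator),
   so the copy can never run past the destination. Returns NULL if the
   allocation fails; the caller frees the result. */
char *dup_bounded(const char *src)
{
    size_t len = strlen(src);
    char *dst = alloc_array(len + 1, 1);
    if (dst == NULL)
        return NULL;
    memcpy(dst, src, len + 1);
    return dst;
}

int main(void)
{
    size_t bytes;
    if (checked_mul(SIZE_MAX, 2, &bytes) != 0)
        printf("SIZE_MAX * 2 rejected instead of wrapping\n");
    if (checked_mul(10, 4, &bytes) == 0)
        printf("10 * 4 = %zu bytes\n", bytes);

    char *copy = dup_bounded("excessive");
    if (copy == NULL) {
        fprintf(stderr, "allocation failed\n");
        return 1;
    }
    printf("copied: %s\n", copy);
    free(copy);
    return 0;
}
```

The two checks are independent: `checked_mul` catches size arithmetic that wrapped, and the NULL test catches the allocator refusing the request; skipping either one leaves a path where a later write lands outside the buffer that was actually obtained.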
Thank You!