Search results
Results From The WOW.Com Content Network
Visualization of a software buffer overflow. Data is written into A, but is too large to fit within A, so it overflows into B.. In programming and information security, a buffer overflow or buffer overrun is an anomaly whereby a program writes data to a buffer beyond the buffer's allocated memory, overwriting adjacent memory locations.
A stack buffer overflow can be caused deliberately as part of an attack known as stack smashing. If the affected program is running with special privileges, or accepts data from untrusted network hosts (e.g. a webserver ) then the bug is a potential security vulnerability .
A "return-to-libc" attack is a computer security attack usually starting with a buffer overflow in which a subroutine return address on a call stack is replaced by an address of a subroutine that is already present in the process executable memory, bypassing the no-execute bit feature (if present) and ridding the attacker of the need to inject their own code.
Canaries or canary words or stack cookies are known values that are placed between a buffer and control data on the stack to monitor buffer overflows. When the buffer overflows, the first data to be corrupted will usually be the canary, and a failed verification of the canary data will therefore alert of an overflow, which can then be handled, for example, by invalidating the corrupted data.
For example, a Buffer Overflow attack pattern, is usually followed by Escalation of Privilege attacks, Subversion attacks or setting up for Trojan Horse /Backdoor attacks. This field can be particularly useful when researching an attack and identifying what other potential attacks may have been carried out or set up.
A NOP-sled is the oldest and most widely known technique for exploiting stack buffer overflows. [2] It solves the problem of finding the exact address of the buffer by effectively increasing the size of the target area. To do this, much larger sections of the stack are corrupted with the no-op machine instruction.
Developments were mostly theoretical until the Morris worm, which exploited a buffer overflow in fingerd. [5] The field of computer security developed quickly thereafter, escalating with multitudes of new attacks such as the return-to-libc attack and defense techniques such as the non-executable stack [6] and address space layout randomization.
The worm spreads by exploiting a buffer overflow discovered by the Polish security research group Last Stage of Delirium [5] in the DCOM RPC service on the affected operating systems, for which a patch had been released one month earlier in MS03-026 [6] (CVE-2003-0352) and later in MS03-039. [7]