Buffer Overflow Maddikayala, jagadish. CSCI 5931 Web Security Prof. T. Andrew Yang Monday Feb. 23

Buffer Overflow

Maddikayala, Jagadish. CSCI 5931 Web Security

Prof. T. Andrew Yang Monday Feb. 23


What is Buffer Overflow?

A buffer is a contiguously allocated chunk of memory, such as an array in C (or a region reached through a pointer)

Buffer overflow occurs when a program or process tries to store more data in a buffer than it was intended to hold

Buffer overflows are exploited to change the flow of a program in execution

Buffer overflows are by far the most commonly exploited bug on Linux/Unix operating systems


Process Memory Organization

Layout of a process image, from high to low addresses:

    High address
        env, argv strings
        env, argv pointers
        stack
        heap
        .bss
        .data
        .text
    Low address

Heap:

    #include <stdlib.h>

    int main() {
        char *var = malloc(3);   /* storage obtained from the allocator */
    }

var points to an address which is in the heap

.bss (uninitialised globals and statics):

    char global;

    int main() {
        ....
    }

    int main() {
        static int var;
    }

global and var will be in .bss

.data (initialised globals and statics):

    char global = 'a';

    int main() {
    }

    int main() {
        static char var = 'a';
    }

global and var will be in .data


Buffer Organization

1 word = 4 bytes; each word is drawn with its highest-address byte on the left.

Storage of the buffer "xyz" in memory (one word):

    | \0 | z | y | x |

Two consecutive buffers, "xyz" and "abcde" ("-" marks an unused byte):

    | \0 | z | y | x |    xyz
    | \0 | e | - | - |    abcde, second word
    | d  | c | b | a |    abcde, first word


Examples

    char a[5] = "yang";
    char b[9] = "security";
    strcpy(b, "maddikayala");   /* 12 bytes written into a 9-byte buffer */
    printf("%s\n", a);

Initial stack organization (a sits above b; one word = 4 bytes, highest-address byte on the left):

    a:  | \0 |   |   |   |
        | g  | n | a | y |
    b:  | \0 |   |   |   |
        | y  | t | i | r |
        | u  | c | e | s |

After the overflow:

    a:  | \0 |   |   |   |
        | g  | n | a | y |
    b:  | \0 | a | l | a |
        | y  | a | k | i |
        | d  | d | a | m |

Here b[9] is padded out to three full words, so the 12 bytes of "maddikayala\0" stay inside b's words; a is untouched and the program prints "yang".


Examples

    char a[4] = "tom";
    char b[8] = "michael";
    strcpy(b, "maddikayala");   /* 12 bytes written into an 8-byte buffer */
    printf("%s\n", a);

Initial stack organization:

    a:  | \0 | m | o | t |
    b:  | \0 | l | a | e |
        | h  | c | i | m |

After the overflow:

    a:  | \0 | a | l | a |    a overwritten
    b:  | y  | a | k | i |
        | d  | d | a | m |

This time b[8] fills exactly two words, so the last four bytes of "maddikayala\0" spill into a: the program prints "ala" instead of "tom".

This is the kind of vulnerability used in buffer overflow exploits
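The two example slides above as a worked C program, added here and not part of the original slides: the unchecked strcpy is replaced by a bounded copy that refuses an oversized string, and the second slide's layout (b directly below a) is pinned with a struct so the overwrite of a can be reproduced without depending on how a compiler places locals. The function and struct names are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Hardened stand-in for the slide's strcpy(b, "maddikayala"): copies only
 * when the string plus its terminator fits. Returns the bytes copied, or -1
 * with dst untouched when src is too long. Names here are the example's own. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t needed = strlen(src) + 1;        /* characters plus '\0' */
    if (dst_size == 0 || needed > dst_size)
        return -1;                          /* would overflow: refuse */
    memcpy(dst, src, needed);
    return (int)needed;
}

/* Bytes strcpy(dst, src) would write past the end of dst (0 if it fits):
 * "maddikayala" needs 12 bytes, so b[9] spills 3 and b[8] spills 4. */
size_t overflow_bytes(size_t dst_size, const char *src)
{
    size_t needed = strlen(src) + 1;
    return needed > dst_size ? needed - dst_size : 0;
}

/* b directly below a, the layout the slide's second example assumes; a struct
 * pins that adjacency instead of relying on how the compiler places locals. */
struct adjacent { char b[8]; char a[4]; };

/* Writes the 12 bytes of "maddikayala\0" into the 12-byte struct, the same
 * bytes strcpy(f.b, ...) would write, and copies what a then holds into out.
 * Writing within the whole object keeps this well-defined C. */
void overflow_into_neighbour(char out[4])
{
    struct adjacent f;
    memcpy(f.a, "tom", 4);
    memcpy(f.b, "michael", 8);
    memcpy(&f, "maddikayala", sizeof f);   /* last 4 bytes land in a: "ala" */
    memcpy(out, f.a, 4);
}

int main(void)
{
    char b[9] = "security", a[4];
    printf("b[9] would be overrun by %zu byte(s)\n", overflow_bytes(sizeof b, "maddikayala"));
    if (bounded_copy(b, sizeof b, "maddikayala") < 0)
        printf("copy refused, b is still \"%s\"\n", b);
    overflow_into_neighbour(a);
    printf("after the unchecked copy, a holds \"%s\" instead of \"tom\"\n", a);
    return 0;
}
```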


Buffer Overflow Countermeasures

Write secure code

Non-executable buffers

Advanced debugging tools
– Fault injection tools
– Static analysis tools
– StackShield and StackGuard

Compilers
– offer warnings on the use of unsafe constructs such as gets(), strcpy()
– generate the code with built-in safeguards to prevent the use of illegal addresses



Thank you

Any Questions???