Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.


1 Stack-Based Buffer Overflows
Attacker
– Can take over a system remotely across a network.
Local malicious users
– To elevate their privileges and gain super user access to a system.
Exploit the way operating systems handle their
– Stack: an internal data structure used by running programs to store data temporarily.
– Pushing on the stack:
  Local variables – used by the function
  Return address – used by the system to resume execution

2 Stack-Based Buffer Overflows

3 OS: UNIX + Windows systems
– Have a stack that can hold data and executable code.
Poor code
– Exploited to overrun the boundaries of the local variables on the stack.
Input length
– Not examined by the code.
– A particular variable on the stack may exceed the memory allocated to it on the stack,
– overwriting variables and the return address.
Smashing the stack
– Allows an attacker to overflow the local variables to insert executable code (usually a shell routine) and another return address on the stack.

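4 Example

    void function(int a, int b, int c){
        char buffer1[5];    /* local variables live in the function's stack frame */
        char buffer2[10];
    }

    int main(){
        function(1,2,3);    /* pushes the parameters and the return address */
    }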

5 Activation Record
– Function Parameters
– Return Address
– Saved Frame Pointer
– Local Variables

6 Linear Form

    Top of memory                                      Bottom of memory
    Bottom of stack                                    Top of stack

      c     b     a     ret   sfp   buffer1   buffer2
     [4]   [4]   [4]   [4]   [4]    [5]       [10]

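7 Example

    #include <string.h>

    /* Deliberately vulnerable: strcpy() copies until the NUL byte, ignoring the 16-byte buffer. */
    void function(char *str){
        char buffer[16];
        strcpy(buffer, str);
    }

    int main(){
        char large_string[256];
        int i;
        for (i = 0; i < 255; i++){
            large_string[i] = 'A';
        }
        large_string[255] = '\0';   /* terminate the string so strcpy() stops after 255 bytes */
        function(large_string);
    }

Buffer overflows take advantage of the fact that bounds checking is not performed (not strongly typed language).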

8 No boundary check

    Top of memory                          Bottom of memory
    Bottom of stack                        Top of stack

      *str   ret    sfp    buffer
      [4]    [4]    [4]    [16]
      AAAA   AAAA   AAAA   AAAAAAAAAAAAAAAA

– The return address is overwritten with 'AAAA' (0x41414141).
– The function exits and goes to execute the instruction at 0x41414141...

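9 Example

    #include <stdio.h>

    void function(int a, int b, int c){
        char buffer1[5];
        char buffer2[10];
        int *r;
        r = (int *)(buffer1 + 9);   /* past buffer1 and sfp in the slides' layout: the return address */
        (*r) += 8;                  /* move the saved return address forward by 8 bytes */
    }

    int main(){
        int x = 0;
        function(1,2,3);
        x = 1;                      /* skipped when the return address has been moved */
        printf("%d\n", x);
    }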

10 Set value

    Top of memory                                              Bottom of memory
    Bottom of stack                                            Top of stack

      c     b     a     ret   sfp   buffer1   buffer2   r
     [4]   [4]   [4]   [4]   [4]    [5]       [10]     [4]
                        +8

– Note: modern implementations have extra info in the stack between the local variables and sfp. This would slightly impact the value added to the address of buffer1 (buffer1 + 12).
– This causes it to skip the assignment of 1 to x, and prints out 0 for the value of x.

11 Result
We have seen how
– We can overwrite the return address of our own program to crash it or skip a few instructions.
– Can these principles be used by an attacker to hijack the execution of a program?
If we want to go to the buffer, how do we know where the buffer starts? (Basically just guess until you get it right)

12 Stack-Based Buffer Overflows
Attacker
– Enters information as a user into a program.
– The information consists of executable code and a new return address.
– The buggy program will
  not analyze the length of this input,
  place it on the stack,
  and actually begin to execute the attacker's code.
If the program is running with superuser privileges (e.g., SUID root on a UNIX system), the attacker has taken over the machine with a buffer overflow.

13 Stack-Based Buffer Overflow Defenses
Programmers:
– Properly code software so that it cannot be used to smash the stack.
– All programs should validate all input from users and other programs, ensuring that it fits into allocated memory structures.
Security practitioners and system administrators:
– Should carefully control and minimize the number of SUID programs on a system that users can run and have permissions of other users (such as root).
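The input validation that slide 13 asks of programmers, applied to the function(char *str) example from slide 7, as an added C example that is not part of the original presentation. The names copy_checked, function_checked and demo_large_input are hypothetical, and the 255-byte input is constructed to match slide 7:

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16 /* same size as buffer[] in the slide 7 example */
/* Copy src into dst only if the whole string, including its NUL, fits.
 * Returns 0, or -1 with errno = EINVAL (bad args) or ERANGE (too long). */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    size_t len = 0;
    if (dst == NULL || src == NULL || dst_size == 0) {
        errno = EINVAL;
        return -1;
    }
    /* Look at no more than dst_size bytes of the source. */
    while (len < dst_size && src[len] != '\0')
        len++;
    if (len == dst_size) {     /* no room for the terminator: reject */
        dst[0] = '\0';
        errno = ERANGE;
        return -1;
    }
    memcpy(dst, src, len + 1); /* len + 1 <= dst_size, so sfp/ret stay intact */
    return 0;
}

/* Hardened counterpart of function(char *str): stored length, or -1. */
int function_checked(const char *str)
{
    char buffer[BUF_SIZE];
    if (copy_checked(buffer, sizeof buffer, str) != 0)
        return -1;
    return (int)strlen(buffer);
}

/* Constructed input: the 255-byte run of 'A' from slide 7. */
int demo_large_input(void)
{
    char large_string[256];
    memset(large_string, 'A', 255);
    large_string[255] = '\0';
    return function_checked(large_string);
}

int main(void)
{
    printf("short: %d, 255 x 'A': %d\n", function_checked("hello"), demo_large_input());
    return 0;
}
```

Rejecting the oversized input, rather than silently truncating it, lets the caller decide how to handle the error.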

14 Stack-Based Buffer Overflow Defenses
Configuring the systems to not execute code from the stack (many)
– Solaris and Linux offer this option.
For example, to secure a Solaris system against stack-based buffer overflows, the following lines should be added to /etc/system:

    set noexec_user_stack=1
    set noexec_user_stack_log=1

15 Stack-Based Buffer Overflow Defenses
/etc/system:
– set noexec_user_stack=1 will prevent execution on a stack,
– set noexec_user_stack_log=1 will log any attempt to do so.
– Some programs legitimately try to run code off the stack. Such programs will crash if this option is implemented.
If the system is single purpose and needs to be secure (e.g., a Web server)
– This option should be used to prevent stack-based buffer overflow.

