Presentation is loading. Please wait.

Presentation is loading. Please wait.

Buffer Overflow By: John Quach and Napoleon N. Valdez.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Buffer Overflow By: John Quach and Napoleon N. Valdez."— Presentation transcript:

1 Buffer Overflow By: John Quach and Napoleon N. Valdez

2 Buffer Overflow Basics Allocate more data into a program than it was designed to support Data that overflow to another region of the memory could be fatal No outbound checking in C++/C/Fortran

3 What is a buffer? A memory space allocated for used during execution. Frame of function void function(int a, int b) { char buffer1[5]; } void main() { function(1,2); } b a ret SFP buffer1

4 Simple Buffer Overflow Example Show example Static Variables ret SFP buffer1 A A A A A A A A A A A A B D C E

5 What happened? function is called and parameter “AAAAAAAAAAAABCDE?” was passed Since strcpy() does not check string’s length, the function call caused a the buffer to overflow

6 Why is BO so dangerous? Buffer can grow towards return address Malicious code could be executed at the new address

7 Example DEEEEEEEEEEEE EEEE FFFF FFFF FFFF FFFF F0123456789AB CDEF 0123 4567 89AB CDEF buffer sfp ret a b c [MALICIOUSPRO][GRAM][0xDF][0x01][0x02][0x03] ^ | |____________________| Exploit a program to execute a malicious program

8 Buffer Overflow Exploit Example Analyst crackme named weird.exe Run the program and guess the serial Find the correct serial using buffer overflow

9 Past BO exploits Morris Internet worm Code Red worm 2001 Blaster worm 2003 Internet Information Server (IIS) Many more

10 How to Prevent Buffer Overflow Always check bounds Avoid scanf() and other dangerous library function call Use strncpy instead Automatic source code checking www.polyspace.com (Linux only) www.polyspace.com Compiler add-ons www.immunix.org

11 Conclusion Buffer Overflow is simply manipulating memory to gain control of a program Buffer Overflow is hard to successfully execute Hard to fix

12 Reference Chuvakin, Anton and Peikari, Cyrus. Security Warrior. Reilly Associates Inc, 2004. pp.161-175 One, Aleph, "Smashing The Stack For Fun And Profit," Phrack, Vol 7, Issue 49, File 14 of 16

Download ppt "Buffer Overflow By: John Quach and Napoleon N. Valdez."

Similar presentations

Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)

Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)
Functions, Varargs, and Stack Smashing Using the Stack for Good And Evil Before You Sit Down Please Get The Handout at the Entrance This file is called.

Functions, Varargs, and Stack Smashing Using the Stack for Good And Evil Before You Sit Down Please Get The Handout at the Entrance This file is called.
Buffer Overflow Prabhaker Mateti Wright State University.

Buffer Overflow Prabhaker Mateti Wright State University.
Smashing the Stack for Fun and Profit

Smashing the Stack for Fun and Profit
Exploring Security Vulnerabilities by Exploiting Buffer Overflow using the MIPS ISA Andrew T. Phillips Jack S. E. Tan Department of Computer Science University.

Exploring Security Vulnerabilities by Exploiting Buffer Overflow using the MIPS ISA Andrew T. Phillips Jack S. E. Tan Department of Computer Science University.
CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson

CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.
K. Salah1 Buffer Overflow The crown jewel of attacks.

K. Salah1 Buffer Overflow The crown jewel of attacks.
Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.

Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.
Buffer Overflows By Tim Peterson Joel Miller Dan Block.

Buffer Overflows By Tim Peterson Joel Miller Dan Block.
1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.

1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.
Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.

Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.
Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.

Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.
Stack buffer overflow http://en.wikipedia.org/wiki/Stack_buffer_overflow.

Stack buffer overflow
Software and Security Buffer Overflow 1.

Software and Security Buffer Overflow 1.
Teaching Buffer Overflow Ken Williams NC A&T State University.

Teaching Buffer Overflow Ken Williams NC A&T State University.
Buffer overflow1 BUFFER OVERFLOW Tsega Gebreyonas Sunny Choi CS 265 November 18, 2003.

Buffer overflow1 BUFFER OVERFLOW Tsega Gebreyonas Sunny Choi CS 265 November 18, 2003.
Run-Time Storage Organization

Run-Time Storage Organization
Teaching Buffer Overflow Ken Williams NC A&T State University.

Teaching Buffer Overflow Ken Williams NC A&T State University.
Netprog: Buffer Overflow1 Buffer Overflow Exploits Taken shamelessly from: netprog/overflow.ppt.

Netprog: Buffer Overflow1 Buffer Overflow Exploits Taken shamelessly from: netprog/overflow.ppt.

Similar presentations

Ads by Google