Presentation is loading. Please wait.

Presentation is loading. Please wait.

Buffer Overflows Lesson 14. Example of poor programming/errors Buffer Overflows result of poor programming practice use of functions such as gets and.

Published byJewel Moore Modified over 8 years ago

Similar presentations

Presentation on theme: "Buffer Overflows Lesson 14. Example of poor programming/errors Buffer Overflows result of poor programming practice use of functions such as gets and."— Presentation transcript:

1 Buffer Overflows Lesson 14

2 Example of poor programming/errors Buffer Overflows result of poor programming practice use of functions such as gets and strcpy –these don’t check input for boundaries may allow individual to gain root or admin access Easy to do in any programming language…what is the real problem?

3 What is a buffer overflow? “A buffer overflow attack is when an attacker tries to store too much information in an undersized receptacle.” “A common implementation is when a user of the program gives the program more data than the developers of the program allocated to store it.”

4 Exploits Buffer Overflows fingerd, statd, talkd, … result of poor programming practice Shell Escapes special character in input string causes escape to shell

5 Buffer Overflow Example #include void func(char *p) { char stack_temp[20]; strcpy(stack_temp, p); printf(stack_temp); } int main(int argc, char* argv[]) { func(“I AM MORE THAN TWENTY CHARACTERS LONG!”); return 0; }

6 Buffer Overflows Program Execute A Return Subroutine A Read Variable Data Process Stack Return Addr

7 Buffer Overflows Program Execute A Return Subroutine A Read Variable Data Process Stack Return Addr New Addr Another Routine

8 Buffer Overflows Program Execute A Return Subroutine A Read Variable Data Process Stack Return Addr New Addr Machine Code

9 Types of buffer overflow attacks Denial of service – buffer overflow will cause the system to “crash” Since important information needed by the OS to continue running can be located on the stack, by overflowing with enough data you can wipe out this important information. Execution of code that the attacker chooses to run. Overwrite just the right amount of information to overflow the stack and rewrite the return address pointer. Do this right and you can point to your own code.

10 Buffer Overflows (cont) “A key point to remember is that the attacker’s code will run at whatever privileges the software that is exploited is running at.” “In most cases, an attacker tries to exploit programs that are running as a privileged account such as root or domain administrator.”

11 Protection against buffer overflow attacks Close the port or service Best way to protect yourself is to remove SW that is subject to an overflow. If this SW is installed by default, close ports and remove service. Rule of thumb: “Know what is installed on your systems and have the least amount of services running and ports open that are required for the system to operate in a specific environment.”

12 Protection Apply the vendor’s patch or install the latest version of the software. Usually shortly after a buffer overflow vulnerability is discovered the vendor will develop and release a patch. This fixes the problem as opposed to just minimizing exposure.

13 Protection Filter specific traffic at the firewall. Block the traffic of the vulnerable software at the firewall. This will restrict the ability of external attackers to exploit the vulnerability. Does not prevent an insider from exploiting the vulnerability, just limits the exposure.

14 Prevention Test key applications. Take a proactive approach and attempt to find buffer overflow exploits yourself. Not practical for all applications but for key ones it is.

15 Prevention Run Software at the Least Privilege Required Often system administrators will install and configure applications as root. Quick an easy to ensure they have access to what they need. Also easy way to guarantee system is vulnerable if buffer overflow exploit is discovered in one of the applications since it will execute code as root.

Download ppt "Buffer Overflows Lesson 14. Example of poor programming/errors Buffer Overflows result of poor programming practice use of functions such as gets and."

Similar presentations

Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)

Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)
Smashing the Stack for Fun and Profit

Smashing the Stack for Fun and Profit
CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson

CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson
Understand Database Security Concepts

Understand Database Security Concepts
Foundations of Network and Computer Security J J ohn Black Lecture #30 Nov 26 th 2007 CSCI 6268/TLEN 5831, Fall 2007.

Foundations of Network and Computer Security J J ohn Black Lecture #30 Nov 26 th 2007 CSCI 6268/TLEN 5831, Fall 2007.
Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.

Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.
Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.

Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.
Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.

Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.
A Buffer Overflow Example João Paulo Magalhães 2009.

A Buffer Overflow Example João Paulo Magalhães 2009.
Stack buffer overflow http://en.wikipedia.org/wiki/Stack_buffer_overflow.

Stack buffer overflow
1 Homework Turn in HW2 at start of next class. Starting Chapter 2 K&R. Read ahead. HW3 is on line. –Due: class 9, but a lot to do! –You may want to get.

1 Homework Turn in HW2 at start of next class. Starting Chapter 2 K&R. Read ahead. HW3 is on line. –Due: class 9, but a lot to do! –You may want to get.
Firewall Vulnerabilities Presented by Vincent J. Ohm.

Firewall Vulnerabilities Presented by Vincent J. Ohm.
CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.
Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.

Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.
Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.

Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.
1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.

1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.
Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-

Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-
Buffer overflows.

Buffer overflows.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.

CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.
Chapter 6 Buffer Overflow. Buffer Overflow occurs when the program overwrites data outside the bounds of allocated memory It was one of the first exploited.

Chapter 6 Buffer Overflow. Buffer Overflow occurs when the program overwrites data outside the bounds of allocated memory It was one of the first exploited.

Similar presentations

Ads by Google