Understanding and Preventing Buffer Overflow Attacks in Unix


Understanding and Preventing Buffer Overflow Attacks in Unix
Alan Cox, Appalachian State University
April 29, 2002

Introduction
- What are buffer overflow attacks?
- How much of a threat do they pose?
- How do they work?
- What do you do to prevent them?

What are buffer overflow attacks?
- They provide an opportunity for a non-privileged user to execute arbitrary code as a privileged user.
- The attack can be made remotely over the Internet, or locally by a user with a shell account, etc.

How much of a threat do they pose?
- One of the most common security vulnerabilities over the past ten years.
- Many operating systems are vulnerable.
- It is possible for an attacker to take complete control of a host.

Background
- UNIX permissions
- UNIX processes and stack

UNIX Permissions
- UNIX is a multi-user operating system.
- One user, ‘root’, is the super-user and can do anything.
- A process usually runs with the privileges of the user who started it.
- ‘Sticky bit’ allows a program to run with the privileges of the user who owns the executable.

UNIX Processes and Stack
Processes stored in three parts:
- Text
- Data
- Stack
Text area:
- stores program code
Data area:
- two parts: initialized data and uninitialized data
At execution:
- text & data loaded into primary memory
- all instances of a program share same text area
- seg fault if write to text
- each process has its own data and stack areas
Stack:
- zero-filled
- first in – last out
- dynamically allocated at runtime
Two parts of stack:
- heap: just above uninitialized data
- user stack: lives above heap
User stack:
- contains many stack frames, each representing a function call
- each frame has: function params, local vars, info to get back to what called function (incl. instruction pointer)

Exploiting Buffer Overflows
- Buffer overflows are common in C/C++.
- This gives a segmentation fault. What happens?
- strcpy does not perform any array bounds checking; it continues to write the contents of str even after it has exhausted the memory allocated to buffer.
- buffer lives in a stack frame beside the instruction pointer that specifies the instruction that follows the function call. In this case, the IP would contain the address of the first instruction that would execute the return 0 statement.
- When strcpy overflows buffer, it overwrites the contents of the instruction pointer.
- When foo finishes, the processor tries to execute the instruction living at the address specified by the instruction pointer.
- “The running process can no longer fetch the next instruction from the proper address, overwritten with an address outside its process space, returning a segmentation fault. [4]”

Exploiting Buffer Overflows
- If a malicious user is able to overwrite the IP with the address of specific code, the processor will execute that code.
- ‘shellcode’ is a string that represents valid instructions.

Exploiting Buffer Overflows
- The previous example is not very realistic: programmers shouldn’t put something like ‘shellcode’ in their programs.
- How, then, does an attacker get ‘shellcode’ into memory?
- Manipulating command-line arguments
- Manipulating environment variables
- Interactive input

Preventing Buffer Overflows
- Reduce the number of programs that are SUID root.
- Write better programs.
- Use strncat() rather than strcat(), etc.
- Check all user input.
- Modify compilers (e.g. StackGuard).
- Use development tools such as LCLint.
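
The strcpy overflow described on the first "Exploiting Buffer Overflows" slide, next to the bounded forms the prevention slide recommends. This is an added example, not code from the original slides: the slide's own program is not in the transcript, so foo_unsafe is a reconstruction from its description, and BUF_SIZE, copy_checked and append_bounded are hypothetical names chosen here.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16 /* assumed; the slide's buffer size is not in the transcript */

/* The pattern the slides describe, shown for contrast and never called here:
 * strcpy() keeps writing past buffer once str reaches BUF_SIZE bytes. */
void foo_unsafe(const char *str) {
    char buffer[BUF_SIZE];
    strcpy(buffer, str); /* no bounds check */
    printf("%s\n", buffer);
}

/* "Check all user input": refuse anything that cannot fit with its NUL.
 * Returns 0 on success, -1 (and an empty dst) when the input is rejected. */
int copy_checked(char *dst, size_t dst_size, const char *src) {
    size_t len;
    if (dst == NULL || src == NULL || dst_size == 0) return -1;
    len = strlen(src);
    if (len >= dst_size) { dst[0] = '\0'; return -1; }
    memcpy(dst, src, len + 1);
    return 0;
}

/* strncat() in place of strcat(): its third argument is the most characters
 * to append, not the buffer size, so pass the remaining room minus the NUL.
 * Returns 0 if src fit, 1 if it was truncated, -1 on bad arguments. */
int append_bounded(char *dst, size_t dst_size, const char *src) {
    const char *end;
    size_t room;
    if (dst == NULL || src == NULL || dst_size == 0) return -1;
    end = memchr(dst, '\0', dst_size);
    if (end == NULL) return -1; /* dst is not terminated inside its buffer */
    room = dst_size - (size_t)(end - dst) - 1;
    strncat(dst, src, room);
    return strlen(src) > room ? 1 : 0;
}

int main(int argc, char **argv) {
    char buffer[BUF_SIZE];
    /* Constructed oversized input stands in for a hostile command-line argument. */
    const char *input = argc > 1 ? argv[1] : "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    if (copy_checked(buffer, sizeof buffer, input) != 0) {
        fprintf(stderr, "rejected: input does not fit in %d bytes\n", BUF_SIZE);
        return 1;
    }
    printf("%s\n", buffer);
    return 0;
}
```

A truncated append (return value 1) still changes the meaning of the data, so callers handling paths or commands should treat it as an error rather than continue with the shortened string.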