Simple Buffer Overflow Example Dan Fleck CS469 Security Engineering Reference: Coming up: Buffer Overflows.

Slides:



Advertisements
Similar presentations
Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)
Advertisements

Recitation By yzhuang, sseshadr. Agenda Debugging practices – GDB – Valgrind – Strace Errors and Wrappers – System call return values and wrappers – Uninitialization.
Buffer Overflow Prabhaker Mateti Wright State University.
Smashing the Stack for Fun and Profit
CS 450 Module R1. R1 Introduction In Module R1, you will implement a user interface (command handler). There are a couple of options: ▫Command Line: interface.
Integrity & Malware Dan Fleck CS469 Security Engineering Some of the slides are modified with permission from Quan Jia. Coming up: Integrity – Who Cares?
Unions The storage referenced by a union variable can hold data of different types subject to the restriction that at any one time, the storage holds data.
CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson
Pointer, malloc and realloc 1. Name entered was 6 char, not enough space to put null terminator 2 Array of char.
Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.
Buffer Overflows By Tim Peterson Joel Miller Dan Block.
1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.
Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.
Stack buffer overflow
CSE 451 Section Autumn 2005 Richard Dunn Office hours: WTh 3:30-4:20 Allen 216 (or lab)
CMSC 104, Version 8/061L22Arrays1.ppt Arrays, Part 1 of 2 Topics Definition of a Data Structure Definition of an Array Array Declaration, Initialization,
Overview Working directly with memory locations is beneficial. In C, pointers allow you to: change values passed as arguments to functions work directly.
University of Washington CSE 351 : The Hardware/Software Interface Section 5 Structs as parameters, buffer overflows, and lab 3.
Debugging Print And Imaging Drivers. Print driver team philosophy on driver quality There are tools to detect violations Wrongful development assumptions.
Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-
Exploiting Buffer Overflows on AIX/PowerPC HP-UX/PA-RISC Solaris/SPARC.
Computer Security and Penetration Testing
BLENDED ATTACKS EXPLOITS, VULNERABILITIES AND BUFFER-OVERFLOW TECHNIQUES IN COMPUTER VIRUSES By: Eric Chien and Peter Szor Presented by: Jesus Morales.
Buffer Overflows Lesson 14. Example of poor programming/errors Buffer Overflows result of poor programming practice use of functions such as gets and.
Let’s look at an example I want to write an application that reports the course scores to you. Requirements: –Every student can only get his/her score.
Instructor Notes GPU debugging is still immature, but being improved daily. You should definitely check to see the latest options available before giving.
Stack and Heap Memory Stack resident variables include:
1 Application Security: Electronic Commerce and Chapter 9 Copyright 2003 Prentice-Hall.
1 Pointers and Arrays. 2 When an array is declared,  The compiler allocates sufficient amount of storage to contain all the elements of the array in.
1 Homework HW5 due today Review a lot of things about allocation of storage that may not have been clear when we covered them in our initial pass Introduction.
CNIT 127: Exploit Development Ch 4: Introduction to Heap Overflows
Lecture 9: Buffer Ovefflows and ROP EEN 312: Processors: Hardware, Software, and Interfacing Department of Electrical and Computer Engineering Spring 2014,
A Tool for Pro-active Defense Against the Buffer Overrun Attack D. Bruschi, E. Rosti, R. Banfi Presented By: Warshavsky Alex.
Buffer overflow and stack smashing attacks Principles of application software security.
Hank Childs, University of Oregon April 15th, 2015 CIS 330: _ _ _ _ ______ _ _____ / / / /___ (_) __ ____ _____ ____/ / / ____/ _/_/ ____/__ __ / / / /
Group 9. Exploiting Software The exploitation of software is one of the main ways that a users computer can be broken into. It involves exploiting the.
CSc 352 Debugging Tools Saumya Debray Dept. of Computer Science The University of Arizona, Tucson
Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 11, 2011.
CS426Fall 2010/Lecture 141 Computer Security CS 426 Lecture 14 Software Vulnerabilities: Format String and Integer Overflow Vulnerabilities.
1988 Morris Worm … estimated 10% penetration 2001 Code Red … 300,00 computers breached 2003 Slammer/Sapphire … 75,00 infections in 10 min Zotob …
VM: Chapter 7 Buffer Overflows. csci5233 computer security & integrity (VM: Ch. 7) 2 Outline Impact of buffer overflows What is a buffer overflow? Types.
Beyond Stack Smashing: Recent Advances In Exploiting Buffer Overruns Jonathan Pincus and Brandon Baker Microsoft Researchers IEEE Security and.
HP-SEE Debugging with GDB Vladimir Slavnic Research Assistant SCL, Institute of Physics Belgrade The HP-SEE initiative.
@Yuan Xue Worm Attack Yuan Xue Fall 2012.
Lec. Waleed Bin Shahid.  You might have noticed a lot of issues related to software implementation.  The ultimate requirement of developer(s) is to.
DYNAMIC MEMORY ALLOCATION. Disadvantages of ARRAYS MEMORY ALLOCATION OF ARRAY IS STATIC: Less resource utilization. For example: If the maximum elements.
CSC 482/582: Computer Security
Content Coverity Static Analysis Use cases of Coverity Examples
Let’s look at an example
Protecting Memory What is there to protect in memory?
Protecting Memory What is there to protect in memory?
Protecting Memory What is there to protect in memory?
Checking Memory Management
Dynamic Memory Allocation
CSC 253 Lecture 8.
CS 465 Buffer Overflow Slides by Kent Seamons and Tim van der Horst
CSC 253 Lecture 8.
Memory Management III: Perils and pitfalls Mar 13, 2001
CS2S562 Secure Software Development
Software Security Lesson Introduction
Format String.
Memory Management III: Perils and pitfalls Mar 9, 2000
CSC 495/583 Topics of Software Security Format String Bug (2) & Heap
CSc 352 Debugging Tools Saumya Debray Dept. of Computer Science
Introduction to Static Analyzer
Buffer Overflows.
Understanding and Preventing Buffer Overflow Attacks in Unix
FIGURE Illustration of Stack Buffer Overflow
Return-to-libc Attacks
Presentation transcript:

Simple Buffer Overflow Example Dan Fleck CS469 Security Engineering Reference: Coming up: Buffer Overflows 1111

Buffer Overflows Buffer overflows occur when some sized portion of memory is overwritten with something bigger. For example: char buff[10]; // Min index is 0, max index is ???? Overflow: buff[10] =‘d’; Coming up: Why care? 22

Why care? Minimally buffer overflows can cause program crashes or unexpected results char *ptr = (char *) malloc (10); // Allocate 10 bytes on heap ptr[10] = ‘d’ ; // Crash! However because buffer overflows corrupt memory nearby the variable being over-filled, an informed hacker can use this to write data into other protected areas of the program (i.e. stack and heap) char buff[10] = {0}; strcpy(buff, “Lets overflow that buffer!”); // Stack overflow! Coming up: An attack 33

An attack int main(void) { char buff[15]; int pass = 0; printf("\n Enter the password : \n"); gets(buff); // Get the password from the user if(strcmp(buff, "thegeekstuff")) { // Check the password printf ("\n Wrong Password \n"); } else { printf ("\n Correct Password \n"); pass = 1; // Set a flag denoting correct pass } if(pass) { /* Now Give root or admin rights to user*/ printf ("\n Root privileges given to the user \n"); } return 0; } Lets test it! Coming up: Lets look inside… 44

Lets look inside… GDB is a common debugger for C programs. gcc –g myFile.c // -g option enables debug symbols and thus debugging DDD is a graphical front-end to GDB. Typically GDB is used from a command line interface Coming up: Lessons 55

Lessons Buffer overflows occur when memory bounds of a variable are exceeded They can occur on the heap or the stack Buffer overflows have unintended consequences. There are protections against unsafe operations however they may not always be used (or known) Coming up: References 35 66

References to-return-oriented-programming/ to-return-oriented-programming/ Stealth: Nergel, End of presentation 36 77

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.