Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS 465 Buffer Overflow Slides by Kent Seamons and Tim van der Horst

Published byRaphael Lebel Modified over 5 years ago

Similar presentations

Presentation on theme: "CS 465 Buffer Overflow Slides by Kent Seamons and Tim van der Horst"— Presentation transcript:

1 CS 465 Buffer Overflow Slides by Kent Seamons and Tim van der Horst
Last Updated: Nov 8, 2016

2 Buffer Overflow A common security vulnerability Root cause
Unsafe programming languages The problem would disappear if we would write correct code What areas of process memory are vulnerable to a buffer overflow? Stack Heap Code/Data

3 Stack Smashing Attack A specific kind of buffer overflow attack
How does it work? During a function call, the return address is pushed on the stack An attacker overflows a buffer (local variable) The return address on the stack is overwritten to point to an existing function or to injected code During the function return the instruction pointer is set to the new return address value stored on the stack, not the original return address that was pushed on the stack as the function was called

4 Vulnerable Code Examples
This code snippet caused the Morris Worm (1988) char buf[20]; gets(buf);

5 Vulnerable Code Examples
void foo(char *input) { //make a local working copy char buf[1024]; strcpy(buf, input); }

6 Limitations Usually there is only one write operation that is vulnerable The attacker has one operation to overwrite the return address The stack frame is usually corrupted so that the program crashes sometime after the buffer is overflowed But the attack may be executed before the crash occurs Remote attacker doesn’t know the exact address location of the injected attack code NOP Sled helps create a window of opportunity

7 Questions on Stack Smashing
How does the stack normally operate during a function call/return? Where is the stack in memory? How do the base pointer (ebp) and stack pointer (esp) work? How are local variables placed on the stack? Describe how an attacker can inject code on the stack What is a NOP sled and how/why is it used in a stack smashing attack? What are the requirements for the format of the injected code?

8 Defenses Write correct code Non-executable buffers
Avoid vulnerable functions Audit code – use analysis tools Fuzz testing Non-executable buffers Kernel patches make the stack non-executable Array bounds checking Compile time or run-time checks Use a type-safe language Code pointer integrity checking Detect when a pointer is corrupted Canaries and pointer checking Address space randomization (ASLR)

9 Canary How does a canary prevent a stack smashing attack? Canary types
Terminator canary Random canary XOR canary

10 Questions What are the approaches to defend against a buffer overflow attack? What are the pros/cons of each? Is a buffer overflow only useful for a remote attack? (True or False) Making the stack non-executable makes a stack smashing attack impossible? (True or False) If your web server is written in Java, it is not vulnerable to a stack smashing attack? What is the principle of least privilege and how does it relate to buffer overflow attacks?

11 Integer Manipulation Vulnerabilities
Three main integer manipulations that can lead to security vulnerabilities Overflow and underflow Signed vs. unsigned errors Truncation Reviewing Code for Integer Manipulation Vulnerabilities

Download ppt "CS 465 Buffer Overflow Slides by Kent Seamons and Tim van der Horst"

Similar presentations

Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)

Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)
Defenses. Preventing hijacking attacks 1. Fix bugs: – Audit software Automated tools: Coverity, Prefast/Prefix. – Rewrite software in a type safe languange.

Defenses. Preventing hijacking attacks 1. Fix bugs: – Audit software Automated tools: Coverity, Prefast/Prefix. – Rewrite software in a type safe languange.
Integrity & Malware Dan Fleck CS469 Security Engineering Some of the slides are modified with permission from Quan Jia. Coming up: Integrity – Who Cares?

Integrity & Malware Dan Fleck CS469 Security Engineering Some of the slides are modified with permission from Quan Jia. Coming up: Integrity – Who Cares?
CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson

CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 11 – Buffer Overflow.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 11 – Buffer Overflow.
Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.

Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
K. Salah1 Buffer Overflow The crown jewel of attacks.

K. Salah1 Buffer Overflow The crown jewel of attacks.
Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.

Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.
1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.

1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.
Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.

Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.
Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.

Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.
Teaching Buffer Overflow Ken Williams NC A&T State University.

Teaching Buffer Overflow Ken Williams NC A&T State University.
Windows XP SP2 Stack Protection Jimmy Hermansson Johan Tibell.

Windows XP SP2 Stack Protection Jimmy Hermansson Johan Tibell.
Teaching Buffer Overflow Ken Williams NC A&T State University.

Teaching Buffer Overflow Ken Williams NC A&T State University.
Netprog: Buffer Overflow1 Buffer Overflow Exploits Taken shamelessly from: netprog/overflow.ppt.

Netprog: Buffer Overflow1 Buffer Overflow Exploits Taken shamelessly from: netprog/overflow.ppt.
Lecture 16 Buffer Overflow

Lecture 16 Buffer Overflow
CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.
Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.

Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.

Similar presentations

Ads by Google