Understanding and Preventing Buffer Overflow Attacks in Unix

1 Understanding and Preventing Buffer Overflow Attacks in Unix
Alan Cox Appalachian State University April 29, 2002

2 Introduction
What are buffer overflow attacks? How much of a threat do they pose? How do they work? What do you do to prevent them?

3 What are buffer overflow attacks?
They provide an opportunity for a non-privileged user to execute arbitrary code as a privileged user. The attack can be made remotely over the Internet, or locally by a user with a shell account, etc.

4 How much of a threat do they pose?
One of the most common security vulnerabilities over the past ten years. Many operating systems are vulnerable. It is possible for an attacker to take complete control of a host.

5 Background
UNIX permissions; UNIX processes and stack

6 UNIX Permissions
Multi-user operating system. One user, ‘root’, is the super-user and can do anything. Processes usually run with the privilege of the user who started them. The ‘sticky bit’ allows a program to run with the privilege of the user who owns the executable.

7 UNIX Processes and Stack
Processes are stored in three parts: text, data, and stack.
Text area: stores program code.
Data area: two parts, initialized data and uninitialized data.
At execution:
- text & data are loaded into primary memory
- all instances of a program share the same text area
- a segmentation fault results from a write to text
- each process has its own data and stack areas
Stack:
- zero-filled
- first in, last out
- dynamically allocated at runtime
Two parts of the stack:
- heap: just above uninitialized data
- user stack: lives above the heap
User stack:
- contains many stack frames, each representing a function call
- each frame holds: function parameters, local variables, and the information needed to get back to what called the function (including the instruction pointer)

8 Exploiting Buffer Overflows
Buffer overflows are common in C/C++. The example gives a segmentation fault. What happens? strcpy does not perform any array bounds checking; it continues to write the contents of str even after it has exhausted the memory allocated to buffer. buffer lives in a stack frame beside the instruction pointer that specifies the instruction following the function call. In this case, the IP would contain the address of the first instruction that executes the return 0 statement. When strcpy overflows buffer, it overwrites the contents of the instruction pointer. When foo finishes, the processor tries to execute the instruction living at the address specified by the instruction pointer. “The running process can no longer fetch the next instruction from the proper address, overwritten with an address outside its process space, returning a segmentation fault.” [4]

9 Exploiting Buffer Overflows
If a malicious user is able to overwrite the IP with the address of specific code, the processor will execute that code. ‘Shellcode’ is a string of bytes that represents valid machine instructions.

10 Exploiting Buffer Overflows
The previous example is not very realistic: programmers shouldn’t put something like ‘shellcode’ in their programs. How, then, does an attacker get ‘shellcode’ into memory?
- Manipulating command-line arguments
- Manipulating environment variables
- Interactive input

11 Preventing Buffer Overflows
- Reduce the number of programs that are SUID root.
- Write better programs: use strncat() rather than strcat(), etc.; check all user input.
- Modify compilers (e.g. StackGuard).
- Use development tools such as LCLint.
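The code behind slides 8 and 11 is not reproduced in the transcript, so the following is an added C example (not the presenter's code) that shows the shape of the bug and the two fixes the slides recommend: bounding the copy and checking input length before use. The names foo_unsafe, foo_safe, append_bounded and BUF_SIZE are assumptions; the overlong sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define BUF_SIZE 16  /* assumed buffer size for the example */

/* The unsafe pattern from slide 8. strcpy copies until it finds the NUL
 * terminator of str, so any argument of BUF_SIZE bytes or more writes past
 * 'buffer' into whatever sits beside it in the stack frame, including the
 * saved return address. Kept only to show the bug; it is never called with
 * untrusted input here. */
void foo_unsafe(const char *str) {
    char buffer[BUF_SIZE];
    strcpy(buffer, str);   /* no bounds check: the defect */
    (void)buffer;
}

/* Fix 1: check all user input before copying. The length is measured
 * first and oversized input is rejected outright rather than silently
 * truncated. Returns 0 on success, -1 if the input does not fit. */
int foo_safe(const char *str) {
    char buffer[BUF_SIZE];
    size_t len = strlen(str);
    if (len >= BUF_SIZE)        /* need room for the terminating NUL */
        return -1;
    memcpy(buffer, str, len + 1);
    (void)buffer;
    return 0;
}

/* Fix 2: strncat used correctly. The common mistake is passing sizeof(dst)
 * as the limit; strncat's limit is the number of bytes to append, so it
 * must be the space remaining after the existing contents, minus one for
 * the NUL. Returns 0 on success, -1 if dst is unterminated or src would
 * not fit (dst is left unchanged in that case). */
int append_bounded(char *dst, size_t dst_size, const char *src) {
    const char *nul = memchr(dst, '\0', dst_size);
    if (nul == NULL)
        return -1;                      /* dst not NUL-terminated: refuse */
    size_t used = (size_t)(nul - dst);
    size_t room = dst_size - used - 1;  /* bytes available for new chars */
    if (strlen(src) > room)
        return -1;                      /* would overflow: reject */
    strncat(dst, src, room);
    return 0;
}

int main(void) {
    /* constructed inputs: one that fits, one that would overflow BUF_SIZE */
    const char *ok   = "hello";
    const char *long_input = "this string is far longer than sixteen bytes";

    printf("foo_safe(ok)   = %d\n", foo_safe(ok));          /* 0  */
    printf("foo_safe(long) = %d\n", foo_safe(long_input));  /* -1 */

    char line[BUF_SIZE] = "abc";
    printf("append 1 = %d (%s)\n", append_bounded(line, sizeof line, "defghijkl"), line);
    printf("append 2 = %d (%s)\n", append_bounded(line, sizeof line, "mnop"), line);
    return 0;
}
```

The point of rejecting rather than truncating in foo_safe is that silent truncation can itself become a bug elsewhere (a path or command cut short); a caller that sees -1 can log and refuse the request, which is also the event a defender wants visible.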
