Presentation is loading. Please wait.

Presentation is loading. Please wait.

Stack buffer overflow http://en.wikipedia.org/wiki/Stack_buffer_overflow.

Published byΣέργιος Αλαβάνος Modified over 5 years ago

Similar presentations

Presentation on theme: "Stack buffer overflow http://en.wikipedia.org/wiki/Stack_buffer_overflow."— Presentation transcript:

1 Stack buffer overflow

2 What is a stack buffer overflow?
Caused when a program writes more data to a buffer on the stack than what was initially allocated for the buffer Causes bugs, crashes, and can be used in an attack known as stack smashing (executing arbitrary code on a protected machine) Notable Example: Twilight Hack

3 #include <string.h>
void foo (char *bar) { char c[12]; strcpy (c, bar); //no bound } int main (int argc, char **argv) foo(argv[1]);

4 Normal Execution “hello” is written to the char buffer. Note the null terminating byte. #include <string.h> void foo (char *bar) { char c[12]; strcpy (c, bar); //no bound } int main (int argc, char **argv) foo(argv[1]);

5 Buffer Overflow! Called with argument: AAAAAAAAAAAAAAAAAAAA\x08\x35\xC0\x80 The return address now points to the start of the 12-byte buffer.

6 Lab 3 Due Friday April 22. Stack buffer overflow problem, very similar to what we have described today.

7 Tools and Examples

Download ppt "Stack buffer overflow http://en.wikipedia.org/wiki/Stack_buffer_overflow."

Similar presentations

Buffer Overflow Prabhaker Mateti Wright State University.

Buffer Overflow Prabhaker Mateti Wright State University.
Smashing the Stack for Fun and Profit

Smashing the Stack for Fun and Profit
Exploring Security Vulnerabilities by Exploiting Buffer Overflow using the MIPS ISA Andrew T. Phillips Jack S. E. Tan Department of Computer Science University.

Exploring Security Vulnerabilities by Exploiting Buffer Overflow using the MIPS ISA Andrew T. Phillips Jack S. E. Tan Department of Computer Science University.
CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson

CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson
Chapter 7 Process Environment Chien-Chung Shen CIS, UD

Chapter 7 Process Environment Chien-Chung Shen CIS, UD
CSE 451: Operating Systems Section 1. Why are you here? 9/30/102.

CSE 451: Operating Systems Section 1. Why are you here? 9/30/102.
Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.

Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.
Stack buffer overflow.

Stack buffer overflow.
Stack buffer overflow http://en.wikipedia.org/wiki/Stack_buffer_overflow.

Stack buffer overflow
Computer Security Buffer Overflow lab Eu-Jin Goh.

Computer Security Buffer Overflow lab Eu-Jin Goh.
Unix Process Environment. main Function A C program starts execution with a function called main. The prototype for the main function is: int main (int.

Unix Process Environment. main Function A C program starts execution with a function called main. The prototype for the main function is: int main (int.
Advanced Programming in the UNIX Environment Hop Lee.

Advanced Programming in the UNIX Environment Hop Lee.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow I: Attack Introduction Cliff Zou Spring 2012.

CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow I: Attack Introduction Cliff Zou Spring 2012.
University of Washington CSE 351 : The Hardware/Software Interface Section 5 Structs as parameters, buffer overflows, and lab 3.

University of Washington CSE 351 : The Hardware/Software Interface Section 5 Structs as parameters, buffer overflows, and lab 3.
Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-

Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-
An anti-hacking guide.  Hackers are kindred of expert programmers who believe in freedom and spirit of mutual help. They are not malicious. They may.

An anti-hacking guide.  Hackers are kindred of expert programmers who believe in freedom and spirit of mutual help. They are not malicious. They may.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.

CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.
Chapter 6 Buffer Overflow. Buffer Overflow occurs when the program overwrites data outside the bounds of allocated memory It was one of the first exploited.

Chapter 6 Buffer Overflow. Buffer Overflow occurs when the program overwrites data outside the bounds of allocated memory It was one of the first exploited.
Exploiting Buffer Overflows on AIX/PowerPC HP-UX/PA-RISC Solaris/SPARC.

Exploiting Buffer Overflows on AIX/PowerPC HP-UX/PA-RISC Solaris/SPARC.
Buffer Overflows Lesson 14. Example of poor programming/errors Buffer Overflows result of poor programming practice use of functions such as gets and.

Buffer Overflows Lesson 14. Example of poor programming/errors Buffer Overflows result of poor programming practice use of functions such as gets and.

Similar presentations

Ads by Google