Presentation is loading. Please wait.

Presentation is loading. Please wait.

Stack buffer overflow http://en.wikipedia.org/wiki/Stack_buffer_overflow.

Published byGyles Walsh Modified over 9 years ago

Similar presentations

Presentation on theme: "Stack buffer overflow http://en.wikipedia.org/wiki/Stack_buffer_overflow."— Presentation transcript:

1 Stack buffer overflow

2 What is a stack buffer overflow?
Caused when a program writes more data to a buffer on the stack than what was initially allocated for the buffer Causes bugs, crashes, and can be used in an attack known as stack smashing (executing arbitrary code on a protected machine) Notable Example: Twilight Hack

3 #include <string.h>
void foo (char *bar) { char c[12]; strcpy (c, bar); //no bound } int main (int argc, char **argv) foo(argv[1]);

4 Normal Execution “hello” is written to the char buffer. Note the null terminating byte. #include <string.h> void foo (char *bar) { char c[12]; strcpy (c, bar); //no bound } int main (int argc, char **argv) foo(argv[1]);

5 Buffer Overflow! Called with argument: AAAAAAAAAAAAAAAAAAAA\x08\x35\xC0\x80 The return address now points to the start of the 12-byte buffer.

6 Lab 3 Due Wednesday April 15th.
Stack buffer overflow problem, very similar to what we have described today.

Download ppt "Stack buffer overflow http://en.wikipedia.org/wiki/Stack_buffer_overflow."

Similar presentations

Buffer Overflow Prabhaker Mateti Wright State University.

Buffer Overflow Prabhaker Mateti Wright State University.
Smashing the Stack for Fun and Profit

Smashing the Stack for Fun and Profit
Exploring Security Vulnerabilities by Exploiting Buffer Overflow using the MIPS ISA Andrew T. Phillips Jack S. E. Tan Department of Computer Science University.

Exploring Security Vulnerabilities by Exploiting Buffer Overflow using the MIPS ISA Andrew T. Phillips Jack S. E. Tan Department of Computer Science University.
1 Chapter 10 Strings and Pointers. 2 Introduction  String Constant  Example: printf(“Hello”); “Hello” : a string constant oA string constant is a series.

1 Chapter 10 Strings and Pointers. 2 Introduction  String Constant  Example: printf(“Hello”); “Hello” : a string constant oA string constant is a series.
CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson

CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson
Chapter 7 Process Environment Chien-Chung Shen CIS, UD

Chapter 7 Process Environment Chien-Chung Shen CIS, UD
Buffer Overflows By Tim Peterson Joel Miller Dan Block.

Buffer Overflows By Tim Peterson Joel Miller Dan Block.
Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.

Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.
Stack buffer overflow.

Stack buffer overflow.
Buffer Overflow Exploits CS-480b Dick Steflik. What is a buffer overflow? Memory global static heap malloc( ), new Stack non-static local variabled value.

Buffer Overflow Exploits CS-480b Dick Steflik. What is a buffer overflow? Memory global static heap malloc( ), new Stack non-static local variabled value.
Computer Security Buffer Overflow lab Eu-Jin Goh.

Computer Security Buffer Overflow lab Eu-Jin Goh.
Unix Process Environment. main Function A C program starts execution with a function called main. The prototype for the main function is: int main (int.

Unix Process Environment. main Function A C program starts execution with a function called main. The prototype for the main function is: int main (int.
Advanced Programming in the UNIX Environment Hop Lee.

Advanced Programming in the UNIX Environment Hop Lee.
Control hijacking attacks Attacker’s goal: – Take over target machine (e.g. web server) Execute arbitrary code on target by hijacking application control.

Control hijacking attacks Attacker’s goal: – Take over target machine (e.g. web server) Execute arbitrary code on target by hijacking application control.
S ECURE P ROGRAMMING 2. I NTRODUCTION TO S TATIC A NALYSIS Chih Hung Wang Reference: 1. B. Chess and J. West, Secure Programming with Static Analysis,

S ECURE P ROGRAMMING 2. I NTRODUCTION TO S TATIC A NALYSIS Chih Hung Wang Reference: 1. B. Chess and J. West, Secure Programming with Static Analysis,
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow I: Attack Introduction Cliff Zou Spring 2012.

CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow I: Attack Introduction Cliff Zou Spring 2012.
University of Washington CSE 351 : The Hardware/Software Interface Section 5 Structs as parameters, buffer overflows, and lab 3.

University of Washington CSE 351 : The Hardware/Software Interface Section 5 Structs as parameters, buffer overflows, and lab 3.
Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-

Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-
An anti-hacking guide.  Hackers are kindred of expert programmers who believe in freedom and spirit of mutual help. They are not malicious. They may.

An anti-hacking guide.  Hackers are kindred of expert programmers who believe in freedom and spirit of mutual help. They are not malicious. They may.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.

CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.

Similar presentations

Ads by Google