CYBER SECURITY

Buffer Overflow

October 19, 2020
VINAY CHANDEL
A Buffer Overflow takes place when a program overwrites other parts of a computer’s memory to store excess data, which can cause errors or even crashes. Hackers launch buffer overflow attacks by sending more data to a program than it expects (often including malicious code), leading the application to take over operating system memory. This action can allow unauthorized code to execute or simply lead to a system crash.

Buffer Overflow Example

In the above image, memory is made of different parts. Between the stack and the heap, there is a buffer area, which allows both to grow during run time. 
If we look at a stack in detail, we can see different sections: 
  • Function: the calling function written by the developer
  • Parameters: the parameters needed by the function 
  • Return: it tells the program what to do after it has executed the function 
  • Base pointer: marks the start of a function stack frame
  • Buffer: the allocated space for data 
In this example, we have a program that allocated 20 bits of buffer. If we inject more than that amount, say 30 bits, the data will overflow.
Because of the nature of the memory, the data will overflow upwards towards the function. Once it gets to the return section, that is where the problems start.
If an attacker injects data in the return that points to the address of malicious code, the program will run it, causing severe consequences.

What types of buffer overflow are there?

Here are the most well-known types of buffer overflow, beginning with the most common:
  • Stack overflow :This involves overflowing a buffer on the call stack, as described above. 
  • Heap overflow :Same as stack overflow, but it takes place in an open memory pool.
  • Integer overflow :An arithmetic operation results in an integer that is too large for the integer type meant to store it.
  • Unicode overflow :Unicode characters are inserted into an input that expects ASCII characters.

How do attackers exploit buffer overflows?

An attacker can deliberately feed a carefully crafted input into a program that will cause the program to try and store that input in a buffer that isn’t large enough, overwriting portions of memory connected to the buffer space. If the memory layout of the program is well-defined, the attacker can deliberately overwrite areas known to contain executable code. The attacker can then replace this code with his own executable code, which can drastically change how the program is intended to work.
For example if the overwritten part in memory contains a pointer (an object that points to another place in memory) the attacker’s code could replace that code with another pointer that points to an exploit payload. This can transfer control of the whole program over to the attacker’s code.

How to protect against buffer overflow attacks?

Avoid C/C++ : C and C++ are programming languages prone to buffer overflow. If possible, use another language like COBOL, Java, and Python that do not allow direct memory access. Consider safety versus performance costs when deciding which language and compiler setting to use.
Address space randomization :  Randomly rearranges the address space locations of key data areas of a process. Buffer overflow attacks generally rely on knowing the exact location of important executable code, randomization of address spaces makes that nearly impossible. 
Buffer overflow protection : Enhance the security of executable programs by detecting buffer overflows on stack-allocated variables and preventing them from causing program misbehavior or from becoming serious security vulnerabilities.
Executable space protection : Mark memory regions as non-executable. This will prevent executing machine code in these regions. Any attempts will cause an exception.
Bounds checking : Avoid standard library functions that are not bounds checked, such as gets, scanf and strcpy. Bounds checking in abstract data type libraries can reduce the occurrence and impact of buffer overflows.
Static code analysis : Scan your code for buffer overflow vulnerabilities with a Static Application Analysis Tool and get tips on how to prevent them from being exploited.

Leave a Reply

Your email address will not be published. Required fields are marked *