Ethical hacking: Buffer overflow

Introduction to buffer overflows

When taking external input, an application needs to allocate memory to store that input. Many high-level programming languages will do this behind the scenes, but some languages (like C/C++) allow the programmer to allocate memory directly through functions like malloc.

A buffer overflow vulnerability occurs when the application tries to store more data in the allocated memory than there is room for. This can occur for a variety of reasons, including:

  • Failing to check input length when reading
  • Forgetting to allocate space for the null terminator
  • Input lengths that cause an integer overflow

Regardless of the reason, if an application writes to memory beyond the range of its allocated buffer, it is writing into memory that the application has allocated for other purposes. Because of how memory is laid out within a running program, this can be extremely useful to an attacker, since it can allow them to control the execution of the program.
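As an added example (not code from the original post), the C below shows the unchecked copy that produces the first two causes in the list beside a version that checks the input length, reserves the terminator byte, and guards the size arithmetic that leads to the third cause. The buffer size, function names and sample inputs are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* constructed buffer size for the example */

/* Vulnerable pattern: strcpy copies until the source's null byte, so any input
 * of NAME_MAX bytes or more spills past 'name' into neighbouring stack data. */
void copy_name_unchecked(char name[NAME_MAX], const char *input) {
    strcpy(name, input);
}

/* Hardened pattern: reject input that has no terminator within the destination
 * size, reserving one byte for the '\0', instead of copying blindly. */
int copy_name_checked(char *name, size_t name_size, const char *input) {
    if (name_size == 0) return -1;
    const char *nul = memchr(input, '\0', name_size);  /* looks at most name_size bytes */
    if (nul == NULL) return -1;            /* length >= name_size: no room for '\0' */
    size_t len = (size_t)(nul - input);
    memcpy(name, input, len + 1);          /* len + 1 <= name_size by the check above */
    return 0;
}

/* Self-check wrapper: 1 if 'input' fits a NAME_MAX buffer and round-trips. */
int name_roundtrip(const char *input) {
    char name[NAME_MAX];
    if (copy_name_checked(name, sizeof name, input) != 0) return 0;
    return strcmp(name, input) == 0;
}

/* Integer-overflow cause: an untrusted element count times an element size can
 * wrap to a small number, so the allocation is tiny while the copy loop still
 * writes 'count' elements. Check the product before computing it. */
int record_bytes_needed(size_t count, size_t elem_size, size_t *out) {
    if (elem_size != 0 && count > SIZE_MAX / elem_size) return -1;  /* would wrap */
    *out = count * elem_size;
    return 0;
}

/* Self-check wrapper: 1 if the size computation would wrap. */
int allocation_would_wrap(size_t count, size_t elem_size) {
    size_t unused;
    return record_bytes_needed(count, elem_size, &unused) != 0;
}

int main(void) {
    printf("16-byte name accepted: %d, size wraps: %d\n",   /* prints 0 and 1 */
           name_roundtrip("sixteen-chars-xx"), allocation_would_wrap(SIZE_MAX / 4 + 1, 8));
    return 0;
}
```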

Buffer overflow exploitation

Exploitation of a buffer overflow vulnerability is fairly simple. If a program incorrectly allocates memory for user input or insecurely reads data into that memory space, a buffer overflow vulnerability exists. This vulnerability can be exploited by a hacker simply by providing more input to the application than the allocated buffer is capable of holding.

Overflowing a buffer with meaningless or random input is likely to just cause a segmentation fault or an error in the program. However, the structure of the stack means that a well-designed buffer overflow exploit can do much more, allowing an attacker to control execution flow and run malicious code on the system.

The stack

An application can allocate memory on the stack or on the heap. The stack is commonly used for function arguments and local variables, and (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Howard Poston. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/4MCJtkifHNw/