Buffer Overflow Vulnerabilities

Introduction to buffer overflows

Buffer overflows were ranked the most dangerous weakness on the 2019 CWE Top 25 list. They received a score of 75.56, almost 30 full points higher than the second-ranked weakness (cross-site scripting). The reason for this high score is that an exploited buffer overflow grants an attacker a large degree of control over a program’s execution, up to and including running attacker-supplied code.

Buffer overflow vulnerabilities arise when a developer fails to manage memory correctly for user-controlled data. If a user can write more data into a pre-allocated buffer than the buffer can hold, they can dramatically change how the program behaves.

User input and memory management

Every piece of data that a program uses has to be stored somewhere. While the program is running, this “somewhere” is either the stack or the heap. Both can be the target of buffer overflow attacks, but stack-based overflows are the simplest place to begin.

The stack is a region of memory where a program can store values for later use. It grows when new values are added to the top of it, like a stack of papers (hence the name).

The image above shows a sample program stack. As shown, a function’s stack frame includes its arguments/parameters, its local variables and its return address. If an attacker can overwrite the return address, they control where execution resumes when the function returns, and can potentially redirect the program to attacker-controlled code.

When placing data on the stack, a developer allocates a variable (a buffer) of a fixed size and then fills it with the data. As long as the data fits in the allocated buffer, everything works as intended.
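To make the frame layout described above concrete, here is an added example (not code from the original post) that models one stack frame as a byte array, then runs an unchecked copy and a length-checked copy of the same over-long input into it. The layout order, the 16-byte buffer size and the return address value 0x401136 are assumptions of the model, not facts from the page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of one stack frame, laid out as the text describes: a fixed-size
 * local buffer, then the saved frame pointer, then the return address. Bytes copied
 * into the buffer grow toward the return address. Illustration only; real layouts vary. */
#define BUF_SIZE   16
#define RET_OFFSET (BUF_SIZE + 8)      /* buffer, then an 8-byte saved frame pointer */
#define FRAME_SIZE (RET_OFFSET + 8)    /* ...then the 8-byte return address */
typedef struct { uint8_t bytes[FRAME_SIZE]; } frame_t;

/* Set up a frame with an empty buffer and a known, constructed return address. */
void frame_init(frame_t *f, uint64_t ret) {
    memset(f->bytes, 0, FRAME_SIZE);
    memcpy(f->bytes + RET_OFFSET, &ret, sizeof ret);
}

/* Read the modelled return address back out of the frame. */
uint64_t frame_return_address(const frame_t *f) {
    uint64_t ret;
    memcpy(&ret, f->bytes + RET_OFFSET, sizeof ret);
    return ret;
}

/* Vulnerable pattern: copy input with no bounds check, as strcpy()/gets() do. The copy
 * is clamped to the modelled frame only to keep this simulation itself memory-safe. */
void unchecked_copy(frame_t *f, const char *input) {
    size_t n = strlen(input);
    if (n > FRAME_SIZE) n = FRAME_SIZE;
    memcpy(f->bytes, input, n);   /* n > BUF_SIZE spills into the saved fp and return address */
}

/* Hardened pattern: check the length (NUL included) first; refuse rather than truncate. */
int bounded_copy(frame_t *f, const char *input) {
    size_t n = strlen(input);
    if (n >= BUF_SIZE) return -1;
    memcpy(f->bytes, input, n + 1);
    return 0;
}

int main(void) {
    frame_t f;
    /* constructed input: 32 bytes of 'A' for a buffer that holds 15 characters plus NUL */
    const char *input = "AAAAAAAA" "AAAAAAAA" "AAAAAAAA" "AAAAAAAA";
    frame_init(&f, 0x401136);
    unchecked_copy(&f, input);
    printf("unchecked copy: return address is now 0x%llx\n", (unsigned long long)frame_return_address(&f));
    printf("bounded copy of the same input returns %d\n", bounded_copy(&f, input));
}
```

After the unchecked copy the modelled return address reads 0x4141414141414141 (the bytes of the input), which is exactly the overwrite the text warns about; the bounded copy refuses the input and leaves the frame untouched.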

Buffer overflow

This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Howard Poston. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/2BWuJJKeG8A/