Classic Buffer Overflow Attacks
CSCE 548 Student Presentation
Mouiad Al Wahah
Introduction
- It was discovered in hacking circles.
- It occurs when a program tries to write more data than the buffer can hold.
- It has a catastrophic impact on software security.
- It is a gateway to full control of the system.
Technical overview 1
Buffer overflow attacks work by:
- Exploiting bugs in input boundary checking
- Exploiting flaws in error handling
- Assigning more data to a buffer than it can hold
- This leads to unpredictable program behavior
- This behavior is the attacker's weapon
Technical overview 2
Common consequences for:
- Confidentiality: stealing secret data
- Integrity: corrupted data, loss of data
- Availability: DoS, crash of the running programs, etc.
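Buffer overflow example 1

    #include <stdio.h>
    #include <string.h>

    void func(char *str)
    {
        char buffer_1[10];        /* room for 9 characters plus the NUL */
        strcpy(buffer_1, str);    /* no bounds check: overflows if str is longer */
    }

    int main()
    {
        char s[30];
        printf("input the data\n");
        gets(s);                  /* unbounded read, kept as the slide's vulnerable input */
        func(s);
        printf("The residue data goes here\n");
    }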
Buffer overflow example 2
Buffer overflow example 3
- January 2001: Code Red hits MS IIS servers.
- September 1997: a buffer overflow turns the USS Yorktown into a dead ghost for more than 2.30 hours.
- 1988: buffer overflow in the Berkeley Unix finger daemon.
Detecting buffer overflow vulnerabilities
- Manual code review.
- Automated static analysis.
- Automated dynamic analysis.
Defense against buffer overflow 1
- Use safe languages like Java, Perl, etc.
- Check all inputs (input is ALWAYS EVIL).
- Use safer functions that do BOUNDS CHECKING, e.g. strncpy instead of strcpy.
- Use automated tools to find potentially unsafe functions.
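The bounds-checking advice above applied to example 1, as an added example that is not part of the original presentation. The names bounded_copy, func_checked and read_line are hypothetical; the point it adds is that strncpy alone does not NUL-terminate a truncated copy, so the code terminates explicitly and rejects oversized input.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 10  /* same size as buffer_1 in example 1 */

/* Hypothetical helper: copy src into dst, which holds cap bytes.
 * Returns 0 if src fits, -1 if it had to be truncated or an argument
 * is invalid. dst is always NUL-terminated and never overrun. */
int bounded_copy(char *dst, size_t cap, const char *src)
{
    if (dst == NULL || src == NULL || cap == 0)
        return -1;
    /* strncpy leaves dst unterminated when strlen(src) >= cap - 1 */
    strncpy(dst, src, cap - 1);
    dst[cap - 1] = '\0';
    return strlen(src) < cap ? 0 : -1;
}

/* Hardened counterpart of func(): returns the stored length,
 * or -1 when the input does not fit and is rejected. */
int func_checked(const char *str)
{
    char buffer_1[BUF_LEN];
    if (bounded_copy(buffer_1, sizeof buffer_1, str) != 0)
        return -1;
    return (int)strlen(buffer_1);
}

/* Bounded replacement for gets(): reads at most cap - 1 characters. */
int read_line(FILE *in, char *s, size_t cap)
{
    if (fgets(s, (int)cap, in) == NULL)
        return -1;
    s[strcspn(s, "\n")] = '\0';  /* drop the trailing newline, if any */
    return 0;
}

int main(void)
{
    char s[30];
    printf("input the data\n");
    if (read_line(stdin, s, sizeof s) != 0)
        return 1;
    if (func_checked(s) < 0) {
        fprintf(stderr, "input too long, rejected\n");
        return 1;
    }
    printf("The residue data goes here\n");
    return 0;
}
```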
Questions & Answers
- Why is there "classic buffer overflow" and just "buffer overflow"?
- Why is the problem still there?
Conclusion
- Buffer overflow is the most exploited vulnerability.
- There is no certain way to completely eliminate this attack.
- The best method to tackle this attack is to follow the best practices:
  - Code review.
  - Manual code analysis.
  - Static code analysis tools.
  - Dynamic code analysis tools.
  - etc.