Buffer Overflows By Tim Peterson Joel Miller Dan Block.

Slides:



Advertisements
Similar presentations
Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)
Advertisements

Smashing the Stack for Fun and Profit
Defenses. Preventing hijacking attacks 1. Fix bugs: – Audit software Automated tools: Coverity, Prefast/Prefix. – Rewrite software in a type safe languange.
Exploring Security Vulnerabilities by Exploiting Buffer Overflow using the MIPS ISA Andrew T. Phillips Jack S. E. Tan Department of Computer Science University.
CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson
Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.
Intro to Exploitation Stack Overflows James McFadyen UTD Computer Security Group 10/20/2011.
Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.
Chapter 15 : Attacking Compiled Applications Alexis Kirat - International Student.
Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.
Prof. Bodik CS 164 Lecture 261 Language Security Lecture 26.
Stack buffer overflow
Buffer Overflow By: John Quach and Napoleon N. Valdez.
Teaching Buffer Overflow Ken Williams NC A&T State University.
Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns Jonathan Pincus Microsoft Research Brandon Baker Microsoft Carl Hartung CSCI 7143:
Buffer Overflow. Process Memory Organization.
Computer Security Buffer Overflow lab Eu-Jin Goh.
Netprog: Buffer Overflow1 Buffer Overflow Exploits Taken shamelessly from: netprog/overflow.ppt.
University of Washington CSE 351 : The Hardware/Software Interface Section 5 Structs as parameters, buffer overflows, and lab 3.
Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.
Fall 2008CS 334: Computer SecuritySlide #1 Smashing The Stack A detailed look at buffer overflows as described in Smashing the Stack for Fun and Profit.
Lecture 0 Appendix on Implementation Threats Material from Warren Page & Chpt 11, Information Security by Mark Stamp.
Lecture 6: Buffer Overflow CS 436/636/736 Spring 2014 Nitesh Saxena *Adopted from a previous lecture by Aleph One (Smashing the Stack for Fun and Profit)
Exploiting Buffer Overflows on AIX/PowerPC HP-UX/PA-RISC Solaris/SPARC.
Buffer Overflows Lesson 14. Example of poor programming/errors Buffer Overflows result of poor programming practice use of functions such as gets and.
Buffer Overflows : An In-depth Analysis. Introduction Buffer overflows were understood as early as 1972 The legendary Morris Worm made use of a Buffer.
Mitigation of Buffer Overflow Attacks
Brian E. Brzezicki. This tutorial just illustrates the underlying concepts of buffer overflows by way of an extremely simple stack overflow  Most buffer.
CNIT 127: Exploit Development Ch 4: Introduction to Format String Bugs.
CSCD 303 Essential Computer Security Spring 2013 Lecture 17 Buffer Overflow Attacks.
University of Washington Today Happy Monday! HW2 due, how is Lab 3 going? Today we’ll go over:  Address space layout  Input buffers on the stack  Overflowing.
Buffer Overflow Attack-proofing by Transforming Code Binary Gopal Gupta Parag Doshi, R. Reghuramalingam The University of Texas at Dallas 11/15/2004.
Smashing the Stack Overview The Stack Region Buffer Overflow
Buffer Overflows Many of the following slides are based on those from
Buffer Overflow. Introduction On many C implementations, it is possible to corrupt the execution stack by writing past the end of an array. Known as smash.
Chapter-4 Software Security Why Software?  Why is software as important to security as crypto, access control and protocols?  Virtually all of information.
Lecture 8: Buffer Overflow CS 436/636/736 Spring 2013 Nitesh Saxena *Adopted from a previous lecture by Aleph One (Smashing the Stack for Fun and Profit)
Buffer Overflow Proofing of Code Binaries By Ramya Reguramalingam Graduate Student, Computer Science Advisor: Dr. Gopal Gupta.
Buffer Overflow Group 7Group 8 Nathaniel CrowellDerek Edwards Punna ChalasaniAxel Abellard Steven Studniarz.
Buffer Overflow Attack Proofing of Code Binary Gopal Gupta, Parag Doshi, R. Reghuramalingam, Doug Harris The University of Texas at Dallas.
Lecture 9: Buffer Ovefflows and ROP EEN 312: Processors: Hardware, Software, and Interfacing Department of Electrical and Computer Engineering Spring 2014,
Stack-based buffer overflows Yves Younan DistriNet, Department of Computer Science Katholieke Universiteit Leuven Belgium
What is exactly Exploit writing?  Writing a piece of code which is capable of exploit the vulnerability in the target software.
A Tool for Pro-active Defense Against the Buffer Overrun Attack D. Bruschi, E. Rosti, R. Banfi Presented By: Warshavsky Alex.
Buffer overflow and stack smashing attacks Principles of application software security.
CS 155 Section 1 PP1 Eu-Jin Goh. Setting up Environment Demo.
Reminder Bomb lab is due tomorrow! Attack lab is released tomorrow!!
David Evans CS201j: Engineering Software University of Virginia Computer Science Lecture 9: Designing Exceptionally.
Information Security - 2. A Stack Frame. Pushed to stack on function CALL The return address is copied to the CPU Instruction Pointer when the function.
Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 11, 2011.
VM: Chapter 7 Buffer Overflows. csci5233 computer security & integrity (VM: Ch. 7) 2 Outline Impact of buffer overflows What is a buffer overflow? Types.
Beyond Stack Smashing: Recent Advances In Exploiting Buffer Overruns Jonathan Pincus and Brandon Baker Microsoft Researchers IEEE Security and.
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2014.
Software Security. Bugs Most software has bugs Some bugs cause security vulnerabilities Incorrect processing of security related data Incorrect processing.
Lec. Waleed Bin Shahid.  You might have noticed a lot of issues related to software implementation.  The ultimate requirement of developer(s) is to.
Heap Overflows. What is a Heap? malloc(), free(), realloc() Stores global variables Automatic memory allocation/deallocation Allocated at runtime Implemented.
Shellcode COSC 480 Presentation Alison Buben.
Buffer Overflow By Collin Donaldson.
Mitigation against Buffer Overflow Attacks
Buffer Overflow Buffer overflows are possible because C doesn’t check array boundaries Buffer overflows are dangerous because buffers for user input are.
The Hardware/Software Interface CSE351 Winter 2013
CSC 495/583 Topics of Software Security Stack Overflows (2)
Software Security.
CS 465 Buffer Overflow Slides by Kent Seamons and Tim van der Horst
Advanced Buffer Overflow: Pointer subterfuge
Lecture 9: Buffer Overflow*
Smashing the Stack for Fun and Profit
FIGURE Illustration of Stack Buffer Overflow
Presentation transcript:

Buffer Overflows By Tim Peterson Joel Miller Dan Block

Overview What is a Buffer Overflow? Demo of a Stack Overflow Prevention Techniques Resources

Definition via wikipedia… “a buffer overflow, or buffer overrun, is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include other buffers, variables and program flow data.”

Why does this matter? You can overwrite the return address! Why does that matter? Because you can overwrite the return address, you can jump to an arbitrary code segment (in particular your own)

How does it work Arg Return Addr Local vars Local vars (buffer) Stack Heap High Low Does it matter which way the Stack grows? What about size of variables and alignment? Once the return address is overwritten you ideally want to have it jump back into the buffer you overwrote

How does it work…. int main(){ char buf[16]; gets(buf); } Functions like gets and strcpy don’t check bounds of the buffer and therefore are susceptible to an attack.

How to execute arbitrary code Assume at this point you know there exists a buffer which is exploitable. Step 1: Using GDB determine the absolute address of the buffer. Step 2: Create a well-crafted string which includes the code you would like to execute and the address of the buffer. “code|buffer address” Step 3: Pass this string into the buffer

Well-crafted String?? Metasploit.com is your friend If it is going to be handcrafted watch out for null bytes For the return address you really have 2 options Find the exact offset to the return address and pad the string Write the return address multiple times on the end of the string and cross your fingers.

Reality In theory this all makes sense but how could I find an exploitable buffer? Guess and check Disassemble and check for calls to exploitable functions (strcpy,gets…) Source code?

Prevention From a developer perspective Don’t write exploitable code Use fgets, strncpy…. Pay attention to compiler and linker warnings From a Sys admin perspective On POSIX-patch gcc to have stack smashing protector AMD64- Data Execution Prevention (windows, Linux?) PaX - software emulated Data Execution Prevention (Linux) Windows update

Resources Wikipedia -en.wikipedia.com Metaploit Project - metasploit.com Stack Smashing for fun and Profit - Stack Smashing Protector- p/ PAX - pax.grsecurity.net

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.