Stack buffer overflow http://en.wikipedia.org/wiki/Stack_buffer_overflow.

What is a stack buffer overflow?

Caused when a program writes more data to a buffer on the stack than was initially allocated for the buffer.
Causes bugs and crashes, and can be used in an attack known as stack smashing (executing arbitrary code on a protected machine).
Notable example: Twilight Hack.

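    #include <string.h>

    void foo(char *bar)
    {
        char c[12];          /* 12-byte buffer on the stack */

        strcpy(c, bar);      /* no bounds check: copies until the NUL in bar */
    }

    int main(int argc, char **argv)
    {
        foo(argv[1]);        /* first command-line argument is copied into c */
        return 0;
    }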

Normal Execution

"hello" is written to the char buffer. Note the null terminating byte.

Buffer Overflow!

Called with argument: AAAAAAAAAAAAAAAAAAAA\x08\x35\xC0\x80

The return address now points to the start of the 12-byte buffer.
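As an added example (not from the original slides): a length-checked version of foo() next to a helper that reports how many bytes the slide's unchecked strcpy would write past c[12] for a given argument. The names foo_checked, bytes_past_buffer, BUF_SIZE and SLIDE_ARG are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 12   /* same size as c[12] in the slide's foo() */

/* The argument shown on the "Buffer Overflow!" slide (24 bytes + NUL). */
static const char SLIDE_ARG[] = "AAAAAAAAAAAAAAAAAAAA\x08\x35\xC0\x80";

/* Bytes an unchecked strcpy(c, bar) would write past the end of c[],
 * counting the terminating NUL. 0 means the copy fits. */
size_t bytes_past_buffer(const char *bar)
{
    size_t needed = strlen(bar) + 1;            /* data + NUL terminator */
    return needed > BUF_SIZE ? needed - BUF_SIZE : 0;
}

/* Hardened foo(): verifies the length before copying and refuses input
 * that does not fit. Returns the number of bytes stored (including the
 * NUL) on success, -1 if the input was rejected. */
int foo_checked(const char *bar)
{
    char c[BUF_SIZE];
    size_t len;

    if (bar == NULL)
        return -1;
    len = strlen(bar);
    if (len >= sizeof c)                        /* no room for data + NUL */
        return -1;
    memcpy(c, bar, len + 1);                    /* bounded: length checked above */
    return (int)strlen(c) + 1;
}

int main(int argc, char **argv)
{
    /* Defaults to the slide's overflow argument when none is given. */
    const char *arg = argc > 1 ? argv[1] : SLIDE_ARG;

    if (foo_checked(arg) < 0) {
        fprintf(stderr, "rejected: unchecked copy would write %zu bytes past c[%d]\n",
                bytes_past_buffer(arg), BUF_SIZE);
        return 1;
    }
    puts("copied safely");
    return 0;
}
```

A 12-character argument is also rejected: the terminating NUL would be the thirteenth byte, an off-by-one overflow.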

Lab 3 Due Wednesday April 15th. Stack buffer overflow problem, very similar to what we have described today.