Presentation is loading. Please wait.

Presentation is loading. Please wait.

Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention."— Presentation transcript:

1 Gabe Kanzelmeyer CS 450 4/14/10

2  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention

3  A buffer (array/string) that holds data  Buffer stored in memory (finite)  Example. char buffer[10] (sets aside buffer[0] – buffer[9]) Consider: buffer[10] = ‘A’; What will happen?

4  Compiler detects out of bounds  Consider: buffer[i] = ‘A’;  What happens then?  Depends, cant identify problem until execution.

5 First two only effect the user. Malicious programmer focuses on accessing the second two.

6  Text – program code  Data – global data  Stack and Heap – allocate at run-time  Stack - stores function arguments, local variables, values of selected registers

7  When a procedure is called, the return address for function call, is put into the stack  Key importance for attacker  Overwrite the return address stored on the stack, upon termination of the procedure, it would be loaded into the EIP register (instruction counter), potentially allowing any overflow code to be executed.

8  void f(int a, int b) { char buf[10]; } void main() { f(1, 2); }

9  How to recognize where an attack may occur? Return address on stack Data on stack With this in mind lets consider the following…

10 #include char *code = "AAAABBBBCCCCDDD"; //including the character '\0‘ //size = 16 bytes void main() { char buf[8]; strcpy(buf, code); } -Frame address -Return address -overwritten Modified return address is pushed into instruction counter

11  1. Discovering a code, which is vulnerable to a buffer overflow.  2. Determining the number of bytes to be long enough to overwrite the return address.  3. Calculating the address to point the alternate code.  4. Writing the code to be executed.  5. Linking everything together and testing

12 #include #define BUF_LEN 40 void main(int argc, char **argv) { char buf[BUF_LEN]; if (argv > 1) { printf(„\buffer length: %d\nparameter length: %d”, BUF_LEN, strlen(argv[1]) ); strcpy(buf, argv[1]); }

13  Consider: victim.exe AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAA If access violation error Try: victim.exe AAAABBBBCCCCDDDDEEEEFFFFGGGG………

14  If successful, error message: “The instruction at “0x4b4b4b4b” referenced memory at “0x4b4b4b4b”. The memory could not be read. 0x4b is ASCII“K” Return address has been overwritten with KKKK

15  From here you can do whatever you want Inject shell code to gain “super user” access Inject address to malicious code Use vulnerable system to exploit Denial of service attack

16  Poor programming practices  Text/string manipulation functions strcpy() strcat() sprintf() gets() Etc…

17  Library based defenses Re-implemented unsafe functions (Libsafe) Detects illegitimate code on the stack (SecureWave) Compiler based runtime boundaries

18

Download ppt "Gabe Kanzelmeyer CS 450 4/14/10.  What is buffer overflow?  How memory is processed and the stack  The threat  Stack overrun attack  Dangers  Prevention."

Similar presentations

Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)

Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)
Smashing the Stack for Fun and Profit

Smashing the Stack for Fun and Profit
Exploring Security Vulnerabilities by Exploiting Buffer Overflow using the MIPS ISA Andrew T. Phillips Jack S. E. Tan Department of Computer Science University.

Exploring Security Vulnerabilities by Exploiting Buffer Overflow using the MIPS ISA Andrew T. Phillips Jack S. E. Tan Department of Computer Science University.
1 Chapter 10 Strings and Pointers. 2 Introduction  String Constant  Example: printf(“Hello”); “Hello” : a string constant oA string constant is a series.

1 Chapter 10 Strings and Pointers. 2 Introduction  String Constant  Example: printf(“Hello”); “Hello” : a string constant oA string constant is a series.
Lecture 20 Arrays and Strings

Lecture 20 Arrays and Strings
What is a pointer? First of all, it is a variable, just like other variables you studied So it has type, storage etc. Difference: it can only store the.

What is a pointer? First of all, it is a variable, just like other variables you studied So it has type, storage etc. Difference: it can only store the.
CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson

CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.
Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.

Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.
Review: Software Security David Brumley Carnegie Mellon University.

Review: Software Security David Brumley Carnegie Mellon University.
Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.

Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.
Intro to Exploitation Stack Overflows James McFadyen UTD Computer Security Group 10/20/2011.

Intro to Exploitation Stack Overflows James McFadyen UTD Computer Security Group 10/20/2011.
Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.

Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.
Stack buffer overflow http://en.wikipedia.org/wiki/Stack_buffer_overflow.

Stack buffer overflow
Buffer Overflow Exploits CS-480b Dick Steflik. What is a buffer overflow? Memory global static heap malloc( ), new Stack non-static local variabled value.

Buffer Overflow Exploits CS-480b Dick Steflik. What is a buffer overflow? Memory global static heap malloc( ), new Stack non-static local variabled value.
Teaching Buffer Overflow Ken Williams NC A&T State University.

Teaching Buffer Overflow Ken Williams NC A&T State University.
Security Protection and Checking in Embedded System Integration Against Buffer Overflow Attacks Zili Shao, Chun Xue, Qingfeng Zhuge, Edwin H.-M. Sha International.

Security Protection and Checking in Embedded System Integration Against Buffer Overflow Attacks Zili Shao, Chun Xue, Qingfeng Zhuge, Edwin H.-M. Sha International.
Teaching Buffer Overflow Ken Williams NC A&T State University.

Teaching Buffer Overflow Ken Williams NC A&T State University.
Lecture 16 Buffer Overflow

Lecture 16 Buffer Overflow
CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

Similar presentations

Ads by Google