In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly in which a process tries to store data beyond the boundaries of a fixed-length buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include other buffers, program variables and program flow data, and the overwrite may result in erratic program behavior, a memory access exception, program termination (a crash), incorrect results or, especially if deliberately caused by a malicious user, a possible breach of system security.
Why BOF?
C and C++ are most commonly associated with buffer overflows, as they offer no built-in protection against accessing or overwriting data in any part of memory and do not check that data written to an array (the built-in buffer type) is within the bounds of that array.
A buffer overflow occurs when data written to a buffer, due to insufficient bounds checking, corrupts data values in memory addresses adjacent to the allocated buffer. This most frequently occurs when copying strings from one buffer to another.
Buffer overflows can be triggered by inputs designed to execute malicious code or to make the program operate in an unintended way. As such, buffer overflows cause many software vulnerabilities and form the basis of many exploits. Sufficient bounds checking by the programmer, the compiler or the runtime can prevent buffer overflows.
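The following C program is an added example, not part of the original article. It shows an unchecked string copy corrupting the value stored next to a fixed-length buffer, beside a bounds-checked copy that rejects the same input. The struct layout, function names and input string are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: a fixed-length buffer with a flag stored right after it. */
struct account {
    char name[8];
    int  is_admin;
};

/* Models strcpy(a->name, src): copies strlen(src)+1 bytes with no regard for
   the size of name. The write is clamped to sizeof *a so that the demo itself
   never leaves the struct object. */
static void unchecked_copy(struct account *a, const char *src)
{
    size_t n = strlen(src) + 1;
    if (n > sizeof *a)
        n = sizeof *a;
    memcpy((unsigned char *)a, src, n);
}

/* Bounds-checked copy: rejects input that does not fit, terminator included. */
static int checked_copy(struct account *a, const char *src)
{
    size_t len = strlen(src);
    if (len >= sizeof a->name)
        return -1;                 /* too long: buffer left untouched */
    memcpy(a->name, src, len + 1);
    return 0;
}

/* Returns is_admin after copying src into a fresh, unprivileged account. */
static int flag_after_copy(const char *src, int use_check)
{
    struct account a;
    memset(&a, 0, sizeof a);
    if (use_check)
        (void)checked_copy(&a, src);
    else
        unchecked_copy(&a, src);
    return a.is_admin;
}

int main(void)
{
    const char *too_long = "AAAAAAAA\x01";   /* 9 bytes for an 8-byte buffer */
    printf("unchecked: is_admin=%d\n", flag_after_copy(too_long, 0));
    printf("checked:   is_admin=%d\n", flag_after_copy(too_long, 1));
    return 0;
}
```

With the unchecked copy the ninth input byte lands in is_admin; with the checked copy the flag stays zero and the caller gets an error to handle.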
Types of buffer overflow:
In general terms, there are essentially two types of buffer overflow:
o Stack-based buffer overflow
o Heap-based buffer overflow
Stack-based buffer overflow:
In software, a stack buffer overflow occurs when a program writes to a memory address on the program's call stack outside the intended data structure, usually a fixed-length buffer. Stack buffer overflow bugs occur when a program writes more data to a buffer located on the stack than was actually allocated for that buffer. This almost always results in corruption of adjacent data on the stack, and in cases where the overflow was triggered accidentally, it will often cause the program to crash or function incorrectly. This type of overflow is part of the general class of programming errors known as buffer overruns. If the affected program runs with special privileges, or accepts data from untrusted network hosts (e.g. a web server), then the bug is a potential security hole. If the stack buffer is filled with data supplied by an untrusted user, then that user can corrupt the stack in such a way as to inject executable code into the running program and take control of the process. This is one of the oldest and most reliable methods for black hats to gain unauthorized access to a computer.
Heap-based buffer overflow:
A heap overflow is a type of buffer overflow that occurs in the heap data area. Memory on the heap is dynamically allocated by the application at runtime and typically contains program data.
Exploitation:
Stack-based exploitation:
A technically inclined and malicious user may exploit stack-based buffer overflows to manipulate the program in one of several ways:
o By overwriting a local variable that is near the buffer in memory on the stack, to change the behavior of the program in a way that benefits the attacker.
o By overwriting the return address in a stack frame. Once the function returns, execution resumes at the return address as specified by the attacker, usually a buffer filled with user input.
o By overwriting a function pointer or exception handler, which is subsequently executed.
With a method called "springboard", when the address of the user-supplied data is not known but its location is stored in a register, the return address can be overwritten with the address of an opcode that will cause execution to jump to the user-supplied data. If the location is stored in a register R, then a return to the location of the opcode for a jump R, call R or similar instruction will cause execution of the user-supplied data. The locations of suitable opcodes, or bytes in memory, can be found in DLLs or in the executable file itself. However, the address of the opcode typically cannot contain any null characters, and the locations of these opcodes can vary between applications and operating system versions. The Metasploit Project is one such database of suitable opcodes, though it lists only those found in the Windows operating system.
Heap-based exploitation:
A buffer overflow occurring in the heap data area is referred to as a heap overflow and is exploitable in a different way from stack-based overflows. Memory on the heap is dynamically allocated by the application at runtime and typically contains program data. Exploitation is performed by corrupting this data in specific ways that cause the application to overwrite internal structures, such as linked-list pointers. The canonical heap overflow technique overwrites dynamic memory allocation linkage (e.g. malloc metadata) and uses the resulting pointer exchange to overwrite a program function pointer.
Countermeasures:
Various techniques have been used to detect and prevent buffer overflows, with different trade-offs. The most reliable way to avoid or prevent buffer overflows is to use automatic protection at the language level. This type of protection cannot be applied to legacy code, however, and technical, commercial and cultural constraints often call for a vulnerable language. The following are ways and methods to avoid buffer overflows.
1. Choice of programming language, such as Java or .NET
2. Use of safe libraries
3. Executable space protection
4. Address Space Layout Randomization
5. Deep Packet Inspection
6. Parameter sanitization