Buffer Overflows Hear it!

Buffer Overflows Hacker Definition
The result of faulty programs that do not adequately manage buffers, buffer overflows occur when a program writes data beyond the bounds of allocated memory. In each problem case, data is written in an unexpected location, causing unexpected results. Though often the program will abort, in some cases the overflow can cause data to be written to a memory-mapped file or cause security problems through stack-smashing attacks. The latter targets a certain programming fault and tries to insert arbitrary code into the program to be executed. Thus, relatively creative crackers can take advantage of a buffer overflow vulnerability through stack-smashing, followed by the execution of the inserted code.

Another form of creating a buffer overflow occurs in the dynamically allocated data in the heap at runtime. Stack and heap attacks are technically both buffer overflows, but they work ­differently.

Buffer overflow exploits are not new. Though they are one of the major reasons that computers become infected with worms and viruses in the present day, buffer overflow exploits were associated with the damage done by the Morris worm back in 1988. Buffer overflow exploits were also associated with the damage done by the Blaster worm of 2003.

Generally, buffer overflow exploits attack programs written in C and C++, such that a ­maliciously intended application attempts to take over the program with an excessively large amount of data hiding executable code. After the overflow crashes the victimized program, the malicious code executes its purpose. The most common executions are the deletion of data and the ­conversion of the affected PC into a zombie—relaying spam or adversely impacting other computers.

In an ideal world, buffer overflow exploits would not occur. But then again, programmers have not written perfect software in the past, and they no doubt will continue to err into the future. Java programs, in fact, are slower performing but do not allow for buffer overflow exploits. Moreover, the 2004 Windows XP Service Pack 2 provides another good defense against these exploits. In the latter, there is special “no execute” code (or NX flag) that when run on compatible processors prevents code from running in the areas of memory where the buffer overflow attacks are supposed to occur.

A number of tools let crackers exploit vulnerabilities in software. For example, Digital Monkey’s Buffer Syringe is a simple tool that permits buffer overflow exploits.

See Also: Code or Source Code; Cracking; Exploit; Stack-Smashing.

Breeden II, J. ‘No Execute’ Flag Waves Off Buffer Attacks. [Online, February 27, 2005.] The Washington Post Company Website. http://www.washingtonpost .com/wp-dyn/articles/A55209-2005Feb26.html; Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website. http://www.linuxsecurity.com/resource_files/documentation/ hacking-dict.html; Sturdevant, C. Hacking Tools Can Strengthen Security. [Online, March 21, 2005.] Ziff Davis Publishing Holdings Inc Website. http://www.eweek.com/article2/ 0,1759,1776613,00.asp; Thomas, E.R. Introduction: Buffer Overflow Vulnerabilities. [Online, May 14, 2005.] Guardian Digital, Inc. Website. http://www.linuxsecurity.com/content/view/ 118881/49/.