Buffer Overflow

Buffer Overflow

What is a Buffer Overflow and when does it happen ?

A buffer overflow is an anomaly that occurs when a software writing data to a buffer exceeds the capacity of the buffer, causing adjacent memory locations to be overwritten.
In other words, too much information is transmitted in a container that does not have enought space, and this information ends up replacing the data in the adjacent containers.

What are the consequences ?

The buffer overflow can crash a program by writing in a buffer more date than it can countain, in order to overwrite parts of the application code and inject payload to exploit the application crash.
They can be exploited by attackers to corrupt software. For example, if the overwritten part in memory contains a pointer, attacker code could replace that code with another pointer that points to an exploitation payload. This can transfer control of the entire program to the attacker’s code.

How to protect from buffer overflow ?

-During development you can use libraries specialized against overflow buffers.
-Use a language that have built-in fearures that help reduce this risk. (for example Java, Python, C#…)
C and C++ are both vulnerable because they don’t contain protection against buffer overflow. (Windows, Mac OSX and Linux all contain code in those languages)
-Use software specialized in source code verification. (for example Qaudit, Flawfinder..)
-Audit the compiled program using tools such as BFBTester.
-Apply the pactches provied by the developers ASAP.
-Make the OS reliable so that it is not vulnerable to buffer overflows. (for example grsecurity for Linux)
For Windows 10 you need to activate it. (To do this search for « Adjust the appearance and performance of widows » the click on the « Data execution prevention »)

Sources :

Jason Castella


Laisser un commentaire