Buffer Overflow

Speaker : Erica

2019 / 11 / 17

 

  • Introduction of Buffer Overflow
  • Lab - Simple buffer overflow
  • How do attackers exploit buffer overflows?
  • Conclusion
  • Reference

Contents

Introduction of

Buffer Overflow

What is Buffer Overflow?

Buffer overflow is an anomaly that occurs when software writing data to a buffer overflows the buffer’s capacity, resulting in adjacent memory locations being overwritten. 

What is Buffer?

A buffer, or data buffer, is an area of physical memory storage used to temporarily store data while it is being moved from one place to another. 

Who is vulnerable to buffer overflow attacks?

Certain coding languages are more susceptible to buffer overflow than others. C and C++ are two popular languages with high vulnerability.

Types of buffer overflow

  • Stack overflow attack 
  • Heap overflow attack
  • Integer overflow attack
  • Unicode overflow

Lab

Simple buffer overflow

Step1 - Coding

#include <stdio.h>

void Name()
{
    char name[10];
    printf("What's your name?\n");
    gets(name);
    printf("Hey %s, how are you?\n", name);
}
int main()
{
    Name();
    return 0;
}

Use C language :

void Name()

char name[10];

It's a function can get the name.

Define a character array "name[10]"

with 10 character elements.

Ask users enter their name.

printf("What's your name?\n");
gets(name);
printf("Hey %s, how are you?\n", name);
void Name(){

Step2 - Install GCC via homebrew (Mac)

You can get homebrew form here .

And install GCC:

$ gcc --version
$ whereis gcc

If you want to confirm the installation, you can execute the following command:

$ brew install gcc

Step2 - Install GCC via mingw (Windows)

You can get mingw form  here .

And change the Environmental variables :

$ gcc --v

If you want to confirm the installation in Windows, you can execute the following command:

C:\MinGW\bin

Step3 - Use GCC

Open your command line and enter :

$ gcc overflow.c -o overflow -fno-stack-protector

overflow.c is your file name.

$ gcc overflow.c -o overflow -fno-stack-protector

This command means

"Do not enable stack protector".

-fno-stack-protector

This option can be used to set the name of the compiled product.

-o

$ gcc -o overflow overflow.c -fno-stack-protector
What is your name?

>>>Erica

Hey Erica, how are you?

If your input less than 10: 

Step4 - Run the code

If you use Windows, you can just enter the file name.  

$ ./overflow //overflow
What is your name?

>>>EricaOneAAAAAAAAAA

Hey EricaOneAAAAAAAAAA, how are you?
segmentation fault 

If your input more than 10: 

It means we use "Buffer Overflow" to let this program broken.

segmentation fault

If you remove this command, recompile and execute, you should find a failure.

fno-stack-protector

If your input less than 10

▼ Stack

Why segmentation fault?

name[1]
...
name[10]
rdp
ret of Name

If your input more than 10

▼ Stack

name[1]
...
name[10]
rdp
ret of Name

Erica

OneAA

AAAAAAAA

How do attackers exploit buffer overflows?

An attacker can deliberately feed a carefully crafted input into a program that will cause the program to try and store that input in a buffer that isn’t large enough, overwriting portions of memory connected to the buffer space.

Conclusion

How to prevent buffer overflow attack?

2 common protections that help mitigate the risk of exploitation :

  1. Address space randomization
  2. Data execution prevention

Software developers can also take precautions against buffer overflow vulnerabilities by writing in languages that have built-in protections or using special security procedures in their code.

Reference

Reference - 2

Thanks for listening. 

Buffer Overflow

By oneone

Buffer Overflow

11/17 present

  • 71