Buffer Overflow Attack – A Structured Overview In 6 Points

Introduction

A buffer is a small region of memory allocated while a program or process runs, reserved for a specific input. It is stored on the system of the server that hosts the website. If you are a programmer, you know that a certain amount of memory is allocated for the code you write, and that you need to plan for memory before you write any program. A buffer, then, is a memory area of a specific size allocated for each input your program takes.

  1. What is Buffer Overflow?
  2. What is Buffer Overflow Attack?
  3. Types of Buffer Overflow Attacks
  4. Environments Affected
  5. Programming Languages that are prone to Vulnerability?
  6. How to Prevent Buffer Overflows

1) What is Buffer Overflow?

A buffer overflow arises when the amount of data is more than the storage capacity of the memory set aside for it. Buffer overflow is an example of bad programming. It has the potential to cause damage.

Consider a situation: you are filling in a form on a website or trying to log in. There is a username field, and the maximum number of characters allowed for the username is 20. If you enter something longer than 20 characters, you have given more input than the buffer can hold. The buffer only has 20 bytes allocated for the username, so a correctly written program must raise an error.

It should prompt the user to enter less than or equal to 20 characters. If the program is not written correctly, it will not show any error; it will take the extra input and process it, placing the extra input in the memory adjacent to the actual buffer. In other words, the buffer overflows and the extra input is processed as well; this is the vulnerability, and it is called a buffer overflow. A buffer overflow is therefore the condition in which a program writes more data to memory than the buffer is supposed to take.
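The username case above, as an added C example that is not part of the original article: an unchecked copy next to a length-checked one. The struct layout, the `is_admin` field and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define USERNAME_MAX 20   /* maximum username length from the text */

/* Hypothetical form record: is_admin lies directly after the buffer. */
struct login_form {
    char username[USERNAME_MAX + 1];   /* 20 characters + terminating NUL */
    char is_admin;
};

/* Incorrectly written: copies as many bytes as the user sent. The cap at
 * the struct size exists only to keep this demonstration deterministic;
 * real unchecked code has no such cap. */
void store_unchecked(struct login_form *f, const char *input)
{
    size_t n = strlen(input) + 1;
    if (n > sizeof *f)
        n = sizeof *f;
    memcpy((char *)f, input, n);       /* username is at offset 0 */
}

/* Correctly written: rejects anything longer than 20 characters. */
int store_checked(struct login_form *f, const char *input)
{
    size_t n = strlen(input);
    if (n > USERNAME_MAX)
        return -1;                     /* caller prompts for a shorter name */
    memcpy(f->username, input, n + 1); /* n + 1 copies the NUL as well */
    return 0;
}

int main(void)
{
    /* Constructed input, longer than 20 characters. */
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    struct login_form bad = {0}, good = {0};

    store_unchecked(&bad, too_long);
    printf("unchecked: is_admin = %d (was 0)\n", bad.is_admin);

    int rc = store_checked(&good, too_long);
    printf("checked:   rc = %d, is_admin = %d\n", rc, good.is_admin);
    return 0;
}
```

After the unchecked copy the adjacent field holds a byte of user input and the username is no longer NUL-terminated, which is why the example never prints it as a string.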

2) What is Buffer Overflow Attack?

If the coding is not done properly, it leaves room for attackers to alter the program, enabling them to access data, intentionally alter code, delete files, damage files and so on. Attackers exploit the opportunity that bad programming gives them.

For instance, continuing the above example, consider what happens to the excess input that went into the overflowed buffer. What if the excess input contains a shell command, a malicious script, or a virus command? It will go to the system itself and get executed. Once a script is executed on a system, the attacker can easily get access to the system. The attacker can send a command to download the database, drop the tables, or delete files.

Also, an overflow of input may crash the system and ultimately take it down. To summarise, the attacker can compromise the integrity of the server and system. This vulnerability is exploited to target web applications, programs, and servers. It is caused by developers who are new to programming and leave such conditions in place without raising any error.

3) Types of Buffer Overflow Attacks

The buffer overflow attacks can be categorised as follows:

  • Stack-based buffer overflows are the more familiar type among attackers, who exploit the execution of the process. They get unauthorised access to a system and can corrupt the stack, replacing executable code with their own malicious code in the currently running program and taking command of the process.
  • Heap-based attacks are difficult to execute and are therefore the least common among attackers. They occur in the heap data area, which is an open memory pool, and are exploited in a different manner from stack-based overflows. Heap memory is allocated at runtime and usually contains the program data. The overflow is exploited in such a manner as to cause the application to overwrite internal structures.

4) Environments Affected

Buffer overflows can affect almost all kinds of software, web servers, application servers, and web applications.

5) Programming Languages that are prone to Vulnerability?

The two popular languages C and C++ are highly exposed to buffer overflow attacks, as they have no integrated safeguards against overwriting or accessing data in their memory. Operating systems such as Mac OS X, Linux, and Windows all use code written in C and C++.

Newer languages such as Perl, Java, and Python use built-in safety mechanisms that reduce the likelihood of buffer overflow to some extent.

6) How to Prevent Buffer Overflows

There are various techniques used to enhance an executable program's security by detecting buffer overflows. The most reliable way to avoid or prevent buffer overflows is to use a language that simply does not allow them. But it is not always possible to change the language of already developed code. In such cases there are alternative ways to prevent buffer overflow.

Some of the common protection methods used to prevent and mitigate buffer overflow are listed below:

  • Address space layout randomization (ASLR) – One technique to prevent buffer overflow is address space layout randomization. It is a security feature of operating systems that protects against buffer overflow attacks by randomizing the region where system executables are loaded in memory.
  • Static analysis – In static analysis, red flags for potential buffer overflows are identified. The source code is scanned for dangerous library calls and race conditions to detect potential buffer overflows. These can then be fixed individually, instead of searching manually through the code base for them.
  • Testing – Checking for buffer overflows and fixing the bugs that cause them generally helps in preventing buffer overflows. Edge-case testing can also detect buffer overflows, as can static analysis.
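To illustrate the static-analysis item, here is an added example (not from the original article) of a minimal checker that flags calls to C library functions which take no destination size. The list of functions, the function names and the sample source lines are assumptions chosen for this example; real analyzers parse the code rather than match text.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Library calls with no destination-size argument (list chosen for this example). */
static const char *const RISKY[] = { "gets", "strcpy", "strcat", "sprintf", "vsprintf" };
#define N_RISKY (sizeof RISKY / sizeof RISKY[0])

static int is_ident(int c) { return isalnum(c) || c == '_'; }

/* Return the risky function called on this line, or NULL if there is none.
 * A match must be a whole identifier followed by '(' so that fgets,
 * my_strcpy or strcpy_s are not reported. Comments and string literals
 * are not parsed, which a real tool would have to do. */
const char *risky_call(const char *line)
{
    for (size_t i = 0; i < N_RISKY; i++) {
        size_t len = strlen(RISKY[i]);
        for (const char *p = strstr(line, RISKY[i]); p; p = strstr(p + 1, RISKY[i])) {
            const char *after = p + len;
            if (p > line && is_ident((unsigned char)p[-1]))
                continue;                   /* part of a longer name */
            while (*after == ' ' || *after == '\t')
                after++;
            if (*after == '(')
                return RISKY[i];
        }
    }
    return NULL;
}

/* Constructed sample source, one line per entry. */
static const char *const SAMPLE[] = {
    "char name[21];",
    "gets(name);",
    "fgets(name, sizeof name, stdin);",
    "strcpy(dst, src);",
    "snprintf(msg, sizeof msg, \"%s\", name);",
    "sprintf (msg, \"hello %s\", name);",
};
#define N_SAMPLE (sizeof SAMPLE / sizeof SAMPLE[0])

/* Print each finding with its line number and return how many were found. */
int count_risky(const char *const *lines, size_t n)
{
    int found = 0;
    for (size_t i = 0; i < n; i++) {
        const char *fn = risky_call(lines[i]);
        if (fn) { printf("line %zu: %s() has no bound\n", i + 1, fn); found++; }
    }
    return found;
}

int main(void) { return count_risky(SAMPLE, N_SAMPLE) == 3 ? 0 : 1; }
```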

Conclusion

Understanding buffers, buffer overflows, and buffer overflow attacks is therefore crucial when writing and running programs. Hopefully, this article has helped in explaining them.

So, have you made up your mind to make a career in Cyber Security? Visit our Master Certificate in Cyber Security (Red Team) for further help. It is the first program in offensive technologies in India and allows learners to practice in a real-time simulated ecosystem that will give them an edge in this competitive world.
