Buffer OverflowWhat is Buffer Overflow?Process Memory OrganizationBuffer OrganizationExamplesSlide 6Buffer Overflow CountermeasuresReferencesThank youBuffer Overflow Maddikayala, jagadish. CSCI 5931Web SecurityProf. T. Andrew Yang Monday Feb. 23CSCI 5931 Web Security What is Buffer Overflow?A buffer is a contiguous allocated chunk of memory, such as an array or a pointer in C Buffer overflow occurs when a program or process tries to store more data in a buffer than it was intended to hold Buffer overflows are exploited to change the flow of a program in executionBuffer overflows are by far the most commonly exploited bug on the linux/unix Operating systemsCSCI 5931 Web Security Process Memory Organizationenv, argv stringsenv, argv pointersstackheap.bss.data.textHigh addessLow addressHeapint main(){Char *var = malloc(3);…}var points to an address which is in the heap.bsschar global;int main(){….}int main(){static int var;…}global and var will be in .bss.datachar global = ‘a’;int main(){…}int main(){static char var = ‘a’;…}global and var will be in .dataCSCI 5931 Web Security Buffer OrganizationStorage of xyz buffer.Buffer “xyz” in memoryTwo consecutive buffers, xyz and abcde.\0 z y x\0 z y x\0 ed c b aUnused byte1 word = 4 bytesCSCI 5931 Web Security Examples char a[5]="yang"; char b[9]="security"; strcpy(b, "maddikayala"); printf("%s\n", a);Initial stack organization After the overflow \0g n a y\0y t i ru c e s\0g n a y\0 a l ay a k id d a mababCSCI 5931 Web Security Exampleschar a[4]="tom";char b[8]="michael";strcpy(b, "maddikayala");printf("%s\n", a); Initial stack organization After the overflow\0 m o t\0 l a eh c i m\0 a l ay a k id d a maba overwrittenbThis is the kind of vulnerability used in buffer overflow exploitsCSCI 5931 Web Security Buffer Overflow Countermeasures Write secure codeNon-executable BuffersAdvanced debugging tools–Fault injection tools–Static analysis tools–StackShield and StackGuardCompilers–offer warnings on the use of unsafe constructs such as gets (), strcpy ()–generate the code with built-in safeguards to prevent the use of illegal addressesCSCI 5931 Web Security Referenceshttp://mixter.void.ru/exploit.htmlhttp://www.linuxjournal.com/article.php?sid=6701http://www.linuxjournal.com/article.php?sid=2902http://www.devbuilder.org/asp/dev_article.asp?aspid=43http://immunix.org/StackGuard/discex00.pdfhttp://www.infosecwriters.com/texts.php?op=display&id=134http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci549024,00.htmlCSCI 5931 Web Security Thank you Any
View Full Document
Unlocking...