Buffer Overflow
A buffer overflow occurs when a program writes more data into a buffer than the allocated memory space can hold.
- Data exceeds allocated memory
- Adjacent memory regions are overwritten
- Often occurs in languages like C/C++
Shellcode
The malicious machine code injected by attackers through exploits such as buffer overflows.
Effects of Buffer Overflow
Possible outcomes:
- Overwrite program data
- Overwrite instructions
- Execute attacker code
- Crash the program (Denial of Service)
- Gain system privileges
Reasons
Programmer error
int i;
char sample[10];           /* valid indices are 0..9 */
for (i = 1; i <= 10; i++)
    sample[i] = 'A';       /* last iteration writes sample[10], past the end */
The loop's final iteration writes one char beyond the allocated buffer (sample[10], while the valid indices are 0 to 9). This exact mistake is referred to as an off-by-one error.
Unsafe libraries
Certain standard C functions do not check the destination buffer size before copying data and are therefore vulnerable to overflow.
Examples:
- gets()
- sprintf()
- strcat()
- strcpy()
- vsprintf()
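Added example, not code from the original notes: a bounded replacement for the strcpy() pattern listed above that rejects input which does not fit, plus a corrected form of the off-by-one loop from the programmer-error example. The names bounded_copy, fill_fixed and try_copy are this example's own.

```c
/* Added example: bounds-checked copy beside a corrected fill loop,
 * using the 10-byte buffer from the notes. */
#include <stdio.h>
#include <string.h>

#define SAMPLE_SIZE 10

static char sample[SAMPLE_SIZE];   /* the 10-byte buffer from the notes */

/* Bounded replacement for strcpy(): caller passes dst's size. Returns 0 on
 * success, -1 if src plus its NUL would not fit (dst then becomes ""). */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (dst_size == 0) return -1;
    if (len >= dst_size) {        /* need len + 1 bytes for the NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);    /* length checked, NUL copied too */
    return 0;
}

/* Corrected off-by-one loop: indices 0..size-1 only, last slot reserved
 * for the NUL. Returns the number of characters written, excluding NUL. */
size_t fill_fixed(char *buf, size_t size, char c)
{
    size_t i;
    if (size == 0) return 0;
    for (i = 0; i < size - 1; i++)
        buf[i] = c;
    buf[size - 1] = '\0';
    return size - 1;
}

/* Copies src into a SAMPLE_SIZE stack buffer the bounded way: 0 = fit, -1 = rejected. */
int try_copy(const char *src)
{
    char buf[SAMPLE_SIZE];        /* strcpy(buf, src) would overrun for 10+ chars */
    return bounded_copy(buf, sizeof buf, src);
}

int main(void)
{
    printf("9 chars: %d, 10 chars: %d\n", try_copy("AAAAAAAAA"), try_copy("AAAAAAAAAA"));
    fill_fixed(sample, sizeof sample, 'A');
    printf("%s\n", sample);       /* nine A's, NUL in sample[9] */
    return 0;
}
```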
Stack Buffer Overflow
A stack buffer overflow attack overwrites data on the stack, often modifying a function's saved return address.
- Function call stores return address in stack.
- Buffer overflow overwrites this address.
- Program returns to attacker-controlled code.
Shellcode characteristics
- Often executed after the overflow
- Typically launches a command shell
- Architecture and OS specific
Example functionality:
- Launch a remote shell
- Execute system commands
- Gain control of the system
Solutions
Two major defense categories:
Compile-Time Defenses
Security mechanisms applied during program compilation.
- Use safer programming languages
- Apply secure coding practices
- Replace unsafe libraries
- Stack protection mechanisms
Examples:
- Stack canaries
- StackShield
- Return Address Defender
Run-Time Defenses
Protection mechanisms applied during program execution.
Executable Address Space Protection marks certain memory regions as non-executable.
Address Space Layout Randomization (ASLR) randomizes the locations of:
- Stack
- Heap
- Libraries
Guard pages can also be used; these are special memory pages that trigger an error (a fault) if they are accessed.