Buffer Overflow Attack and its Prevention
18 June 2021
Buffer Overflow
A buffer overflow is an information-security and programming problem that occurs when a programme writes data to a buffer but overshoots the buffer’s boundary, so that the data overwrites memory locations adjacent to the buffer.
Buffers are memory regions that temporarily hold data while it is being transferred from one location to another. When more data arrives than the buffer was sized for, the programme writing that data overwrites the adjacent memory locations.
A buffer is a section of memory reserved for holding data while it is being moved around or between programmes. Malformed inputs often lead to buffer overflows: an anomalous transaction produces more data than expected and the programme writes past the end of the buffer. The resulting erratic behaviour can include memory access errors, incorrect results, and crashes.
Exploiting buffer overflows is a well-established attack technique. On many platforms the memory layout of a programme, or of the overall system, is well defined. Forcing a buffer overflow lets an attacker inject malicious code or overwrite data relating to the program’s state, causing behaviour that was never programmed into the application. Buffer overflow techniques can be used to gain unauthorised access to the computer’s resources and to escalate privileges. The notorious Morris worm of 1988 also employed this technique.
For example, if a buffer is intended to hold username and password inputs of 8 bytes, and a transaction supplies an input of 10 bytes (i.e. 2 bytes more than expected), the programme may write the excess data past the end of the buffer.
Buffer overflows can affect all types of software. They usually result from malformed inputs or from insufficient buffer space. If the overflow overwrites executable code, the programme’s behaviour becomes unpredictable: it may malfunction, hit memory access errors, or crash.
What is Buffer Overflow Attack?
Attackers exploit buffer overflow problems by overwriting an application’s memory. This modifies the programme’s execution path, triggering a response that damages files or exposes private information. For example, an attacker may supply additional code as input and so send the application new instructions for accessing IT systems.
If an attacker knows the program’s memory layout, they can deliberately feed inputs that the buffers cannot hold, overwriting areas that contain executable code and replacing it with their own code. For example, a pointer (an object that points to another area of memory) can be overwritten by the attacker and redirected to the attacker’s own code to gain control.
Types of Buffer Overflow Attacks
- Stack-based buffer overflows are the more prevalent type and target the stack memory, which exists only for the duration of a function call.
- Heap-based attacks are harder to carry out and target the programme’s heap memory, the region beyond the memory used for current operations.
What are the most vulnerable programming languages?
C and C++ are especially vulnerable to buffer overflow attacks because they have no built-in safeguards against overwriting memory or accessing data beyond a buffer’s bounds. Mac OS X, Windows, and Linux all contain code written in C and C++.
Languages such as Perl, Java, JavaScript and C# minimise buffer overflows through integrated security mechanisms.
How to avoid Buffer Overflow
Developers can protect against buffer overflow vulnerabilities through security measures in their own code, or by using languages that offer built-in protection.
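The 8-byte username/password fields from the example above and the developer-side safeguard described here, as an added C example that is not the article’s code: the unchecked strcpy() that overflows sits beside a bounded version that rejects oversized input. All names (struct creds, overflow_excess, store_creds_checked) are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not the article's code): the 8-byte username/password
 * fields from the article's example, the unchecked copy that overflows
 * them, and a bounded replacement. All names are hypothetical. */
#define FIELD_SIZE 8
struct creds {
    char user[FIELD_SIZE];
    char pass[FIELD_SIZE];
};

/* VULNERABLE: strcpy() copies up to the source's NUL and ignores the
 * destination size, so a 10-byte input spills its 2 extra characters plus
 * the terminator past `user` into whatever follows (here `pass`; on a stack
 * frame, possibly the saved return address). For contrast only; never called. */
void store_creds_unchecked(struct creds *c, const char *user, const char *pass)
{
    strcpy(c->user, user);
    strcpy(c->pass, pass);
}

/* Bytes a NUL-terminated copy of `input` would write past a `size`-byte
 * buffer; 0 means it fits, terminator included. Note the off-by-one: an
 * 8-character string already overflows an 8-byte buffer by its terminator. */
size_t overflow_excess(size_t size, const char *input)
{
    size_t needed = strlen(input) + 1;
    return needed > size ? needed - size : 0;
}

/* HARDENED: check both fields before writing; reject (return -1, struct
 * untouched) rather than silently truncate. Returns 0 when stored. */
int store_creds_checked(struct creds *c, const char *user, const char *pass)
{
    if (overflow_excess(FIELD_SIZE, user) || overflow_excess(FIELD_SIZE, pass))
        return -1;
    memcpy(c->user, user, strlen(user) + 1);
    memcpy(c->pass, pass, strlen(pass) + 1);
    return 0;
}

int main(void)
{
    struct creds c;   /* "abcdefghij" below is a constructed 10-byte input */
    printf("excess: %zu, checked store: %d\n", overflow_excess(FIELD_SIZE, "abcdefghij"),
           store_creds_checked(&c, "alice07", "pw"));
    return 0;
}
```

For the article’s 10-byte input, overflow_excess reports 3 bytes past the 8-byte buffer: the 2 extra characters plus the terminating NUL.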
Modern operating systems have routine protection. There are three common safeguards:
Address space randomization – randomly rearranges the address space positions of key data regions. Buffer overflow attacks generally need to know where the executable code sits, and randomising the address space makes that location almost impossible to predict.
Data Execution Prevention – flags memory regions as executable or non-executable, so an attack that tries to run code placed in a non-executable region fails.
Structured Exception Handler Overwrite Protection (SEHOP) – helps prevent malicious code from attacking Structured Exception Handling (SEH), a built-in hardware and software exception-management system. It blocks the SEH overwrite exploitation technique, in which a stack-based buffer overflow is used to overwrite an exception registration record stored on a thread’s stack.
Code and system protection measures alone are not sufficient. If an organisation discovers a buffer overflow vulnerability, it needs to patch the affected software quickly and ensure that users can obtain the patch.