knowledge/technology/hacking/Buffer Overflow.md
2024-05-02 21:59:25 +02:00


obj wiki rev
concept https://en.wikipedia.org/wiki/Buffer_overflow 2024-05-02

Buffer Overflows

Buffer overflow is a type of vulnerability that occurs when a program writes more data to a buffer (a fixed-size memory storage area) than the buffer was allocated to hold, corrupting adjacent memory locations. This can result in unpredictable behavior, crashes, or even exploitation by attackers to execute arbitrary code.

How Buffer Overflows Work

  1. Buffer Allocation: In programming languages like C and C++, developers often allocate fixed-size buffers to store data.
  2. Data Input: When data is input into the buffer, if it exceeds the allocated size, it overflows into adjacent memory locations.
  3. Memory Corruption: The overflowed data can overwrite other variables, control structures, or even function pointers in memory.
  4. Exploitation: Attackers can craft input data to overflow the buffer strategically, overwrite critical memory locations, and gain control over the program's execution flow.
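The four steps above, as an added C example that is not part of the original page: a record with a fixed-size `name` buffer (step 1) sits next to a privilege flag (the adjacent memory of step 3). The unbounded `strcpy` is the classic bug; the bounds-checked version rejects input that would not fit. The struct, function names and sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed record: a fixed-size buffer (step 1) followed by a flag that an
 * overflow of the buffer would overwrite (step 3). */
struct account {
    char name[16];   /* holds at most 15 characters plus the NUL terminator */
    int  is_admin;   /* adjacent memory: clobbered by any write past name[15] */
};

/* Vulnerable pattern: strcpy copies until it finds a NUL terminator and knows
 * nothing about the size of acct->name. Any input of 16 or more characters
 * runs past the buffer into is_admin and, further on, the stack frame.
 * Shown for reading only; it is never called in this example. */
void set_name_unsafe(struct account *acct, const char *input) {
    strcpy(acct->name, input);   /* BUG: unbounded copy (step 2 with no check) */
}

/* Hardened version: measure the input against the destination size first and
 * refuse anything that does not fit together with its terminator. Returns 0 on
 * success and -1 on rejection; on rejection the record is left untouched. */
int set_name_safe(struct account *acct, const char *input) {
    size_t len = strlen(input);
    if (len >= sizeof acct->name) {
        return -1;                       /* would overflow: reject, do not truncate silently */
    }
    memcpy(acct->name, input, len + 1);  /* len + 1 copies the NUL terminator too */
    return 0;
}

int main(void) {
    struct account acct = { "", 0 };
    /* Constructed inputs: one that fits and one that is 24 bytes long. */
    const char *short_name = "alice";
    const char *long_name  = "AAAAAAAAAAAAAAAAAAAAAAAA";

    printf("short name: %s\n", set_name_safe(&acct, short_name) == 0 ? "accepted" : "rejected");
    printf("long name:  %s\n", set_name_safe(&acct, long_name) == 0 ? "accepted" : "rejected");
    printf("name=%s is_admin=%d\n", acct.name, acct.is_admin);
    return 0;
}
```

Rejecting rather than truncating is deliberate: silent truncation keeps the program from crashing but can still change meaning (a path or username cut short), so the caller should be told that the input was refused.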

Types of Buffer Overflows

  1. Stack-Based Buffer Overflow: Occurs when the overflow corrupts the stack memory, including return addresses, function pointers, and local variables.
  2. Heap-Based Buffer Overflow: Occurs when the overflow corrupts dynamically allocated memory on the heap, typically through incorrect handling of blocks obtained with malloc and released with free.
  3. Format String Vulnerability: A subtype of buffer overflow where the attacker controls the format string argument passed to functions like printf, which can read or corrupt memory and lead to code execution.
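The format string case from item 3, as an added C example that is not part of the original page. It shows the safe calling convention (a constant format string, user text passed as a data argument) and a small check a logging pipeline can use to flag input that carries conversion directives. The function names and sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern (not compiled here, shown for reading):
 *
 *     printf(user_text);
 *
 * The user-controlled text becomes the format string, so every %-directive
 * it contains is interpreted by printf: %x reads values off the stack and %n
 * writes to memory. The fix is to never let untrusted text be the format. */

/* Hardened version: the format is a string literal and the user text is an
 * ordinary argument, so any % characters in it are printed literally.
 * Returns the number of bytes written, as printf does. */
int log_safe(const char *user_text) {
    return printf("event: %s\n", user_text);
}

/* Defensive check for the logging pipeline: returns 1 when s contains a
 * conversion directive (a '%' not immediately followed by another '%'),
 * 0 otherwise. Useful for flagging suspicious input in an audit log; it does
 * not replace fixing the call site. */
int has_format_directive(const char *s) {
    for (const char *p = s; *p != '\0'; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }   /* "%%" is just a literal percent sign */
        return 1;
    }
    return 0;
}

int main(void) {
    /* Constructed sample inputs: a benign line and one probing the format. */
    const char *benign     = "user bob logged in (100%% done)";
    const char *suspicious = "user %x%x%x logged in";

    log_safe(benign);
    log_safe(suspicious);   /* printed verbatim; directives are not interpreted */
    printf("benign flagged=%d, suspicious flagged=%d\n",
           has_format_directive(benign), has_format_directive(suspicious));
    return 0;
}
```

Compilers help here as well: gcc and clang warn about a non-literal format string under `-Wformat-security`, which catches the direct `printf(user_text)` call at build time.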

Impact of Buffer Overflows

  • Crashes: Buffer overflows often cause crashes or segmentation faults, leading to denial of service.
  • Arbitrary Code Execution: Attackers can exploit buffer overflows to execute arbitrary code with the privileges of the vulnerable program.
  • Privilege Escalation: Buffer overflows can be used to escalate privileges and gain unauthorized access to system resources.

Prevention and Mitigation

  1. Input Validation: Validate and sanitize input data to ensure it doesn't exceed the buffer size.
  2. Bounds Checking: Use programming languages or libraries that perform bounds checking automatically.
  3. Compiler Protections: Utilize compiler features like stack canaries, which detect stack-based buffer overflows at runtime before the corrupted function returns.
  4. Address Space Layout Randomization (ASLR): Randomize memory addresses to make it harder for attackers to predict memory locations for exploitation.
  5. Executable Space Protection: Mark memory regions as non-executable to prevent the execution of injected shellcode.
  6. Code Auditing: Regularly audit code for vulnerabilities and employ static and dynamic analysis tools to detect buffer overflow issues.
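Items 1 and 2 of the list above applied to a realistic input format, as an added C example that is not part of the original page: a parser for a constructed wire format of `[1-byte length][payload]` records. Every declared length is checked against both the bytes actually received and the space in the destination before anything is copied, so a truncated or oversized message is rejected instead of overflowing. The format, struct and function names are constructed for illustration; the compiler flags in the comment are real gcc/ld options that supply items 3 to 5.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Build with the hardening items 3-5 of the list above, e.g.
 *   gcc -fstack-protector-strong -D_FORTIFY_SOURCE=2 -fPIE -pie \
 *       -Wl,-z,noexecstack parser.c
 * (canaries, fortified libc calls, ASLR-friendly PIE, non-executable stack). */

#define MAX_PAYLOAD 32

/* Destination record with a fixed-size payload buffer. */
struct record {
    uint8_t len;
    uint8_t payload[MAX_PAYLOAD];
};

/* Parse one record starting at in[*pos]. Returns 1 on success (and advances
 * *pos past the record), 0 when the input is cleanly exhausted, and -1 when
 * the record is malformed or too large. On error nothing is written to *out
 * and *pos is unchanged. */
int parse_record(const uint8_t *in, size_t in_len, size_t *pos, struct record *out) {
    if (*pos >= in_len) return 0;             /* clean end of input */

    size_t len = in[*pos];                    /* declared length: untrusted */

    /* Check 1: the payload must fit the destination buffer. */
    if (len > MAX_PAYLOAD) return -1;

    /* Check 2: the payload must actually be present in the received bytes.
     * Written as a subtraction that cannot wrap (in_len - *pos >= 1 here),
     * rather than as pointer arithmetic that could overflow. */
    if (len > in_len - *pos - 1) return -1;

    memcpy(out->payload, in + *pos + 1, len); /* safe: both bounds verified */
    out->len = (uint8_t)len;
    *pos += 1 + len;
    return 1;
}

/* Count the records in a buffer; returns -1 if any record is malformed. */
int count_records(const uint8_t *in, size_t in_len) {
    size_t pos = 0;
    struct record r;
    int n = 0, rc;
    while ((rc = parse_record(in, in_len, &pos, &r)) == 1) n++;
    return rc == 0 ? n : -1;
}

int main(void) {
    /* Constructed messages. */
    const uint8_t good[]      = { 3, 'a', 'b', 'c', 2, 'x', 'y' };
    const uint8_t truncated[] = { 5, 'a', 'b' };   /* claims 5 bytes, carries 2 */
    const uint8_t oversized[] = { 200 };           /* claims more than MAX_PAYLOAD */

    printf("good: %d records\n", count_records(good, sizeof good));
    printf("truncated: %d\n",    count_records(truncated, sizeof truncated));
    printf("oversized: %d\n",    count_records(oversized, sizeof oversized));
    return 0;
}
```

The two checks are independent: the first protects the destination (a heap or stack overflow in `out->payload`), the second protects the source (an out-of-bounds read past the received data). Dropping either one reintroduces a memory-safety bug even though the other still passes.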