What are buffer overflows
What are buffer overflows?
Buffer overflows also known as buffer overrun is a state the happens in all type of applications, it can be in an offline or an online application, from a developer perspective a buffer overflow is a bug that the developer of the application did not thought about or he or she was a bit lazy.
In its basic concept a buffer overflow is when the application is waiting for input data on a fixed size, re the buffer, and receive a buffer that is greater from the expected, re: the overflow, when that happens the application might crash and show an error message to the user, someone that know how to use this information can catch the return address of the crash and manipulate it using a ‘jump call’ to another part in the code or to an added code that he want.
Buffer overflow is a bug, the most common one is when an input contains a buffer that is longer from the variable that needs to contain the data, and this will cause an error that can be used to create an exploit to the application.
The steps to transfer this overflow to something that can be used to penetrate the application will include the following:
- The vulnerability – this is the area in the application that suffers for a buffer overflow.
- The exploit – which is the actual code that we use to run and send the overflow to the application to take it down.
- Shell code – Is the code we send with the exploit to take control over the returning code error after the exploit hit to manipulate the jump to our code, this can be a code to take control over the system, to reverse a command line to the system and so on.
Example of overflow in C/C++ programming language:
In the above buffer overflow example> if the user will input a buffer that is more than 80 characters long, as the name or the password the application will crash and an overflow will accord, a hacker can use this overflow to catch the returning address and point it to another location where it contain an exploit that he will be able to use and to gain control to the system that this application is currently running on this can be also call as a buffer overflow attack.
Most of the buffer overflow> cause due to the fact that developers not always pay attention to the input data that they receive in their application, SDK providers as a result to this and the commonly that buffer overflow attack accord hade to update their code functions with new function that are more secure and receive also a maximum size to the buffer that the function can get as an input, by that if the developer use the new functions, even if the input data is bigger than the buffer size that the developer expected, depend on the function, it can return an error that say that the buffer size is too big and/or it can copy into the buffer number of characters that only match to the size that was pass into the function and ignore all the rest of the buffer.
When a buffer overrun detected> or a buffer overflow detected in application, it is the responsible of the application author to fix it, by releasing a new version of the application or a release of a new patch that fix the overflow in the code. Today software development companies use automation and manuals tools to detect if their application might contains location that may be hacked using a buffer overflow techniques, the tool can check the source code itself and also run a set of checks against the compiles application, re: the exe.
What is buffer overflow attack?
A buffer overflow attack is a state that user using automation tool or manually try to send data to a service that expect to get data, but the data that the user send to the services does not contain only real expecting data but also some gibberish data, short data, long data, very long data, data that contains special characters and so on, that the user is hopefully generate an exception in the service and with this exception and the error code and the message code that the environment will generate he will be able to create his/her own pattern to regenerate this error, and also to create an exploit to use against this application, keep in mind that if one found in a common service that use over the global that mean that the user that found this overflow can use it against this service all around the global.
There are two main types of commonly used buffer overflows, the heap and the stack. the heap buffer overflow is when user try to hit the application heap location, the heap memory is allocated in run time. The stack buffer overflow is when user tries to hit the application stack memory, most of the fixed size variables are declare on the stack.