Buffer Overflows
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Buffer Overflows

  1. #1
    Banned
    Join Date
    Sep 2001
    Posts
    64

    Buffer Overflows

    ok im going to ask a question about buffer overflows, dont flame me cause i know im a newbie and i dont need to be reminded.

    Ok ive been hearing alot about buffer overflows i know that it's a programming error that makes the buffer of a program too large or has none at all. Now what i want to know is why is this so effective in hacking into a system? Does this give the attacker a remote command prompt or does it just crash security software, what does the buffer overflow do to aide the hacker?

  2. #2
    Banned
    Join Date
    Oct 2001
    Posts
    67
    A quick example:

    One of the first computer break-ins that used a buffer overflow was the Morris worm. The worm used a buffer overflow in the finger service, a service that sends out information about the set of users on a UNIX box. Today, buffer overflows are still a very high threat to intusions today.

  3. #3
    Senior Member
    Join Date
    Sep 2001
    Posts
    138
    Check out out friend alpha1 on google.com or you can download phrack 49 which has an article called "Smashing the stack for fun a profit" which will be VERY helpful in your quest for this information...
    http://www25.brinkster.com/cheeseball

    -- Do not dwell in the past, do not dream of the future, concentrate the mind on the present moment--

  4. #4
    Banned
    Join Date
    Sep 2001
    Posts
    522
    Buffer Overflows crash a program(sometimes the entire system) ..... depending on what program u send this out to different things can occur.....

  5. #5
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    In brief, a buffer overflow is when you try (perhaps maliciously) to put too much data in a buffer, a buffer being a fixed size memory space.

    Concreatly (is this word English or am I translating badly?), you could see this situation while entering a password for example: if the programmer set a fixed maximum size for the password, but doesn't check that the input is within the maximum size, the password buffer will overflow.

    The next step in this is that a malicious hacker will try to format the overflowing data in a certain way and with specific content that it will reach the executable memory space of the computer, making it do bad things. If the overflowing data isn't crafted correctly, this will often result in a crash either of the program or of the system, depending where the overflowing data landed.

    Hope this gives you an idea...

    Ammo
    Credit travels up, blame travels down -- The Boss

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    109

    Re: Buffer Overflows

    Originally posted here by NetwrkBurn
    Ok ive been hearing alot about buffer overflows i know that it's a programming error that makes the buffer of a program too large or has none at all.
    Think of what happenes if you pour too much water into a glass, the excess water goes all over the place making a mess of things.

    A similar result is what happens in memory, the excess memory overwrites. That is a really basic explination though, I just figured this is where you were stuck in understanding them.

  7. #7
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    Here's an example of something that could be overflowed:

    #!/usr/bin/perl

    print "Give me a word: "; # ask for a word
    chomp($foo=<STDIN>); # get input

    ... do stuff here ...

    Now, this is minorly an example because (since I didn't explicitly state it), there's no error checking on $foo, which is standard input. This would then pass $foo to whatever function to do whatever with it. Without checking anything in $foo, escape sequences could be used or length (mainly) could overflow a subroutine and pass other code to be executed/etc...
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  8. #8
    Banned
    Join Date
    Sep 2001
    Posts
    64
    ahhh I see thanks alot yall i now have a better understanding of buffer overflows is there an archive of bufferoverflows on the net somewere?

  9. #9
    Senior Member
    Join Date
    Aug 2001
    Posts
    485
    Yes, there are lots of places you can get information about buffer overflows - doesn't take much effort to find them. What really surprises me about this is that companies like MS haven't written their code correctly. I've been writing & supporting software for 20 years or so now, and even 20 years ago failing to validate the input field e.g. length of data, correct structure (numeric, character, binary, etc. etc.), would be considered a serious mistake
    Often the problem is not the program itself, but the routine it calls to get the data, which allows these buffer overflows to take place - I don't think I'm giving anything away here, but the sorts of things you put in the overflow part of the buffer are machine code instructions to cause something untoward to happen.

  10. #10
    AO Curmudgeon rcgreen's Avatar
    Join Date
    Nov 2001
    Posts
    2,716

    Thumbs up

    A lot of the time it is the fault of the compiler.
    here's a short quote from the man page on gets().

    Never use gets(). Because it is impossible to tell without
    knowing the data in advance how many characters gets()
    will read, and because gets() will continue to store characters
    past the end of the buffer, it is extremely dangerous to use. It has
    been used to break computer security. Use fgets() instead.
    They still ship these functions with the compiler, and then
    tell you not to use them.
    I came in to the world with nothing. I still have most of it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •