-
May 25th, 2002, 10:44 PM
#1
Buffer Overflows
ok im going to ask a question about buffer overflows, dont flame me cause i know im a newbie and i dont need to be reminded.
Ok ive been hearing alot about buffer overflows i know that it's a programming error that makes the buffer of a program too large or has none at all. Now what i want to know is why is this so effective in hacking into a system? Does this give the attacker a remote command prompt or does it just crash security software, what does the buffer overflow do to aide the hacker?
-
May 25th, 2002, 11:05 PM
#2
A quick example:
One of the first computer break-ins that used a buffer overflow was the Morris worm. The worm used a buffer overflow in the finger service, a service that sends out information about the set of users on a UNIX box. Today, buffer overflows are still a very high threat to intusions today.
-
May 25th, 2002, 11:05 PM
#3
Check out out friend alpha1 on google.com or you can download phrack 49 which has an article called "Smashing the stack for fun a profit" which will be VERY helpful in your quest for this information...
-
May 25th, 2002, 11:12 PM
#4
Buffer Overflows crash a program(sometimes the entire system) ..... depending on what program u send this out to different things can occur.....
-
May 25th, 2002, 11:22 PM
#5
In brief, a buffer overflow is when you try (perhaps maliciously) to put too much data in a buffer, a buffer being a fixed size memory space.
Concreatly (is this word English or am I translating badly?), you could see this situation while entering a password for example: if the programmer set a fixed maximum size for the password, but doesn't check that the input is within the maximum size, the password buffer will overflow.
The next step in this is that a malicious hacker will try to format the overflowing data in a certain way and with specific content that it will reach the executable memory space of the computer, making it do bad things. If the overflowing data isn't crafted correctly, this will often result in a crash either of the program or of the system, depending where the overflowing data landed.
Hope this gives you an idea...
Ammo
Credit travels up, blame travels down -- The Boss
-
May 25th, 2002, 11:45 PM
#6
Senior Member
Re: Buffer Overflows
Originally posted here by NetwrkBurn
Ok ive been hearing alot about buffer overflows i know that it's a programming error that makes the buffer of a program too large or has none at all.
Think of what happenes if you pour too much water into a glass, the excess water goes all over the place making a mess of things.
A similar result is what happens in memory, the excess memory overwrites. That is a really basic explination though, I just figured this is where you were stuck in understanding them.
-
May 26th, 2002, 05:19 AM
#7
Here's an example of something that could be overflowed:
#!/usr/bin/perl
print "Give me a word: "; # ask for a word
chomp($foo=<STDIN>); # get input
... do stuff here ...
Now, this is minorly an example because (since I didn't explicitly state it), there's no error checking on $foo, which is standard input. This would then pass $foo to whatever function to do whatever with it. Without checking anything in $foo, escape sequences could be used or length (mainly) could overflow a subroutine and pass other code to be executed/etc...
We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.
-
May 26th, 2002, 06:01 AM
#8
ahhh I see thanks alot yall i now have a better understanding of buffer overflows is there an archive of bufferoverflows on the net somewere?
-
May 26th, 2002, 09:39 AM
#9
Yes, there are lots of places you can get information about buffer overflows - doesn't take much effort to find them. What really surprises me about this is that companies like MS haven't written their code correctly. I've been writing & supporting software for 20 years or so now, and even 20 years ago failing to validate the input field e.g. length of data, correct structure (numeric, character, binary, etc. etc.), would be considered a serious mistake
Often the problem is not the program itself, but the routine it calls to get the data, which allows these buffer overflows to take place - I don't think I'm giving anything away here, but the sorts of things you put in the overflow part of the buffer are machine code instructions to cause something untoward to happen.
-
May 26th, 2002, 10:24 PM
#10
A lot of the time it is the fault of the compiler.
here's a short quote from the man page on gets().
Never use gets(). Because it is impossible to tell without
knowing the data in advance how many characters gets()
will read, and because gets() will continue to store characters
past the end of the buffer, it is extremely dangerous to use. It has
been used to break computer security. Use fgets() instead.
They still ship these functions with the compiler, and then
tell you not to use them.
I came in to the world with nothing. I still have most of it.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|