Buffer Overflows

Printable View

May 25th, 2002, 10:44 PM
NetwrkBurn

Buffer Overflows

ok im going to ask a question about buffer overflows, dont flame me cause i know im a newbie and i dont need to be reminded.

Ok ive been hearing alot about buffer overflows i know that it's a programming error that makes the buffer of a program too large or has none at all. Now what i want to know is why is this so effective in hacking into a system? Does this give the attacker a remote command prompt or does it just crash security software, what does the buffer overflow do to aide the hacker?
May 25th, 2002, 11:05 PM
BogoMips

A quick example:

One of the first computer break-ins that used a buffer overflow was the Morris worm. The worm used a buffer overflow in the finger service, a service that sends out information about the set of users on a UNIX box. Today, buffer overflows are still a very high threat to intusions today.
May 25th, 2002, 11:05 PM
Cheeseball

Check out out friend alpha1 on google.com or you can download phrack 49 which has an article called "Smashing the stack for fun a profit" which will be VERY helpful in your quest for this information...:)
May 25th, 2002, 11:12 PM
Dome

Buffer Overflows crash a program(sometimes the entire system) ..... depending on what program u send this out to different things can occur.....
May 25th, 2002, 11:22 PM
ammo

In brief, a buffer overflow is when you try (perhaps maliciously) to put too much data in a buffer, a buffer being a fixed size memory space.

Concreatly (is this word English or am I translating badly?), you could see this situation while entering a password for example: if the programmer set a fixed maximum size for the password, but doesn't check that the input is within the maximum size, the password buffer will overflow.

The next step in this is that a malicious hacker will try to format the overflowing data in a certain way and with specific content that it will reach the executable memory space of the computer, making it do bad things. If the overflowing data isn't crafted correctly, this will often result in a crash either of the program or of the system, depending where the overflowing data landed.

Hope this gives you an idea...

Ammo
May 25th, 2002, 11:45 PM
Wickdgin

Re: Buffer Overflows

Quote:

Originally posted here by NetwrkBurn
Ok ive been hearing alot about buffer overflows i know that it's a programming error that makes the buffer of a program too large or has none at all.

Think of what happenes if you pour too much water into a glass, the excess water goes all over the place making a mess of things.

A similar result is what happens in memory, the excess memory overwrites. That is a really basic explination though, I just figured this is where you were stuck in understanding them.
May 26th, 2002, 05:19 AM
Vorlin

Here's an example of something that could be overflowed:

#!/usr/bin/perl

print "Give me a word: "; # ask for a word
chomp($foo=<STDIN>); # get input

... do stuff here ...

Now, this is minorly an example because (since I didn't explicitly state it), there's no error checking on $foo, which is standard input. This would then pass $foo to whatever function to do whatever with it. Without checking anything in $foo, escape sequences could be used or length (mainly) could overflow a subroutine and pass other code to be executed/etc...
May 26th, 2002, 06:01 AM
NetwrkBurn

ahhh I see thanks alot yall i now have a better understanding of buffer overflows is there an archive of bufferoverflows on the net somewere?
May 26th, 2002, 09:39 AM
darkes

Yes, there are lots of places you can get information about buffer overflows - doesn't take much effort to find them. What really surprises me about this is that companies like MS haven't written their code correctly. I've been writing & supporting software for 20 years or so now, and even 20 years ago failing to validate the input field e.g. length of data, correct structure (numeric, character, binary, etc. etc.), would be considered a serious mistake
Often the problem is not the program itself, but the routine it calls to get the data, which allows these buffer overflows to take place - I don't think I'm giving anything away here, but the sorts of things you put in the overflow part of the buffer are machine code instructions to cause something untoward to happen.
May 26th, 2002, 10:24 PM
rcgreen

A lot of the time it is the fault of the compiler.
here's a short quote from the man page on gets().

Quote:

Never use gets(). Because it is impossible to tell without
knowing the data in advance how many characters gets()
will read, and because gets() will continue to store characters
past the end of the buffer, it is extremely dangerous to use. It has
been used to break computer security. Use fgets() instead.

They still ship these functions with the compiler, and then
tell you not to use them.
:cool:
May 27th, 2002, 08:31 AM
darkes

In reply to rcgreen's comment - yes, couldn't agree more- which is what I was hinting at about the routine used to get the data. But why do reputable (?) companies like MS continue to use this type of weak programming? There are lots of other examples in different languages, where the same thing applies. Sometimes the problem can be a bit deeper, as the program itself is calling a specific routine (e.g. read all input fields on a web page), and it is the routine itself that is not secure, rather than the compiler itself.