KEMBAR78
Buffer overflow | PPTX
AM
Uploaded byAbu Juha Ahmed Muid
PPTX, PDF1,941 views

Buffer overflow

This document covers the concept of buffer overflow, a vulnerability that occurs when a program writes more data to a buffer than it can hold, potentially allowing attackers to overwrite adjacent memory. It discusses who is vulnerable, methods of exploitation, various types of buffer overflow attacks, and protective measures like address space randomization and data execution prevention. Additionally, it emphasizes the importance of using programming languages with built-in protections against such vulnerabilities.

Downloaded 28 times
BUFFER OVERFLOW Course Code: MISS1201 Course Name: Intrusion Management and Ethical Hacking Abu Juha Ahmed Muid Roll: 2054911004 MISS-2020 Bangladesh University of Professionals
content  What’s a buffer?  What is buffer overflow?  Use of the Stack  Who is vulnerable to buffer overflow attacks?  How do attackers exploit buffer overflows?  What are the different types of buffer overflow attacks?  Buffer Overflow Example
 The size and complexity of software systems is growing, increasing the number of bugs. Many of these bugs constitute security vulnerabilities. Most common of these bugs is the buffer overflow vulnerability
What’s a buffer?  A buffer, or data buffer, is an area of physical memory storage used to temporarily store data while it is being moved from one place to another. These buffers typically live in RAM memory. Computers frequently use buffers to help improve performance; most modern hard drives take advantage of buffering to efficiently access data, and many online services also use buffers. For example, buffers are frequently used in online video streaming to prevent interruption. When a video is streamed, the video player downloads and stores perhaps 20% of the video at a time in a buffer and then streams from that buffer. This way, minor drops in connection speed or quick service disruptions won’t affect the video stream performance.  Buffers are designed to contain specific amounts of data. Unless the program utilizing the buffer has built-in instructions to discard data when too much is sent to the buffer, the program will overwrite data in memory adjacent to the buffer.
What is buffer overflow?  Buffer overflow is an anomaly that occurs when software writing data to a buffer overflows the buffer’s capacity, resulting in adjacent memory locations being overwritten. In other words, too much information is being passed into a container that does not have enough space, and that information ends up replacing data in adjacent containers.  Buffer overflows can be exploited by attackers with a goal of modifying a computer’s memory in order to undermine or take control of program execution. M I S S S T U D E N T
Use of the Stack  The stack is a region in a program's memory space that is only accessible from the top. There are two operations, push and pop, to a stack. A push stores a new data item on top of the stack, a pop removes the top item. Every process has its own memory space (at least in a decent OS), among them a stack region and a heap region. The stack is used heavily to store local variables and the return address of a function.
Use of the Stack  The stack is a region in a program's memory space that is only accessible from the top. There are two operations, push and pop, to a stack. A push stores a new data item on top of the stack, a pop removes the top item. Every process has its own memory space (at least in a decent OS), among them a stack region and a heap region. The stack is used heavily to store local variables and the return address of a function. A B C D D C B A Push Pop
Use of the Stack
Memory layout for a process.
Who is vulnerable to buffer overflow attacks?  Certain coding languages are more susceptible to buffer overflow than others. C and C++ are two popular languages with high vulnerability, since they contain no built-in protections against accessing or overwriting data in their memory. Windows, Mac OSX, and Linux all contain code written in one or both of these languages.  More modern languages like Java, PERL, and C# have built-in features that help reduce the chances of buffer overflow, but cannot prevent it altogether.
How do attackers exploit buffer overflows?  An attacker can deliberately feed a carefully crafted input into a program that will cause the program to try and store that input in a buffer that isn’t large enough, overwriting portions of memory connected to the buffer space. If the memory layout of the program is well-defined, the attacker can deliberately overwrite areas known to contain executable code. The attacker can then replace this code with his own executable code, which can drastically change how the program is intended to work.  For example if the overwritten part in memory contains a pointer (an object that points to another place in memory) the attacker’s code could replace that code with another pointer that points to an exploit payload. This can transfer control of the whole program over to the attacker’s code.
What are the different types of buffer overflow attacks?  There are a number of different buffer overflow attacks which employ different strategies and target different pieces of code.  Stack overflow attack - This is the most common type of buffer overflow attack and involves overflowing a buffer on the call stack.  Heap overflow attack - This type of attack targets data in the open memory pool known as the heap.  Integer overflow attack - In an integer overflow, an arithmetic operation results in an integer (whole number) that is too large for the integer type meant to store it; this can result in a buffer overflow.  Unicode overflow - A unicode overflow creates a buffer overflow by inserting unicode characters into an input that expect ASCII characters.
How to protect against buffer overflow attacks  Luckily, modern operating systems have runtime protections which help mitigate buffer overflow attacks. Let’s explore 2 common protections that help mitigate the risk of exploitation:  Address space randomization - Randomly rearranges the address space locations of key data areas of a process. Buffer overflow attacks generally rely on knowing the exact location of important executable code, randomization of address spaces makes that nearly impossible.  Data execution prevention - Marks certain areas of memory either executable or non-executable, preventing an exploit from running code found in a non-executable area.  Software developers can also take precautions against buffer overflow vulnerabilities by writing in languages that have built-in protections or using special security procedures in their code.
Buffer Overflow Example  Function: the calling function written by the developer  Parameters: the parameters needed by the function  Return: it tells the program what to do after it has executed the function  Basepointer: marks the start of a function stack frame  Buffer: the allocated space for data  As you can see in the image above, memory is made of different parts. Between the stack and the heap, there is a buffer area, which allows both to grow during run time.  If we look at a stack in detail, we can see different sections:
Buffer Overflow Example  In this example, we have a program that allocated 20 bits of buffer. If we inject more than that amount, say 30 bits, the data will overflow.  Because of the nature of the memory, the data will overflow upwards towards the function. Once it gets to the return section, that is where the problems start.  If an attacker injects data in the return that points to the address of malicious code, the program will run it, causing severe consequences.
 Shellcodes are typically injected into computer memory by exploiting stack or heap-based buffer overflows vulnerabilities, or format string attacks.
 GCC, the GNU Compiler Collection  https://gcc.gnu.org/  apt-get install gcc in linux  GDB: The GNU Project Debugger  https://www.gnu.org/software/gdb/  apt-get install gdb
History

More Related Content

PPT
Access control matrix
byAravindharamanan S
 
PPTX
Rootkits
byTharinduUdaraRanasin
 
PPTX
Buffer overflow attacks
byJoe McCarthy
 
PPT
4_5949547032388570388.ppt
byMohammedMohammed578197
 
PPTX
Authentication
byprimeteacher32
 
PPT
authentication.ppt
byjayarao21
 
PDF
Chapter 2 program-security
byVamsee Krishna Kiran
 
PPT
Application Security
byflorinc
 
Access control matrix
byAravindharamanan S
 
Rootkits
byTharinduUdaraRanasin
 
Buffer overflow attacks
byJoe McCarthy
 
4_5949547032388570388.ppt
byMohammedMohammed578197
 
Authentication
byprimeteacher32
 
authentication.ppt
byjayarao21
 
Chapter 2 program-security
byVamsee Krishna Kiran
 
Application Security
byflorinc
 

What's hot

PPT
Software security
byRoman Oliynykov
 
PPTX
SCHEDULING ALGORITHMS
byDhaval Sakhiya
 
PPTX
Denial of service
bygarishma bhatia
 
PPTX
Buffer overflow
byEvgeni Tsonev
 
PDF
OPERATING SYSTEM SECURITY
byRohitK71
 
PPTX
Operating System Operations ppt.pptx
byMSivani
 
PPTX
Deadlock Prevention
byprachi mewara
 
PPTX
Vulnerabilities in modern web applications
byNiyas Nazar
 
PPTX
cpu scheduling
byhashim102
 
PPT
6 buffer overflows
bydrewz lin
 
PPTX
DoS or DDoS attack
bystollen_fusion
 
PPTX
Web application security
byKapil Sharma
 
PPTX
Types of cyber attacks
bykrishh sivakrishna
 
PPT
Memory Management in OS
byvampugani
 
PPTX
Security & protection in operating system
byAbou Bakr Ashraf
 
PPTX
Program security
byPrachi Gulihar
 
PPT
Virus and Malicious Code Chapter 5
byAfiqEfendy Zaen
 
PDF
LFI to RCE
byn|u - The Open Security Community
 
PPTX
Features of java
byWILLFREDJOSE W
 
PDF
Network Security Fundamentals
byRahmat Suhatman
 
Software security
byRoman Oliynykov
 
SCHEDULING ALGORITHMS
byDhaval Sakhiya
 
Denial of service
bygarishma bhatia
 
Buffer overflow
byEvgeni Tsonev
 
OPERATING SYSTEM SECURITY
byRohitK71
 
Operating System Operations ppt.pptx
byMSivani
 
Deadlock Prevention
byprachi mewara
 
Vulnerabilities in modern web applications
byNiyas Nazar
 
cpu scheduling
byhashim102
 
6 buffer overflows
bydrewz lin
 
DoS or DDoS attack
bystollen_fusion
 
Web application security
byKapil Sharma
 
Types of cyber attacks
bykrishh sivakrishna
 
Memory Management in OS
byvampugani
 
Security & protection in operating system
byAbou Bakr Ashraf
 
Program security
byPrachi Gulihar
 
Virus and Malicious Code Chapter 5
byAfiqEfendy Zaen
 
LFI to RCE
byn|u - The Open Security Community
 
Features of java
byWILLFREDJOSE W
 
Network Security Fundamentals
byRahmat Suhatman
 

Similar to Buffer overflow

PPTX
Golf teamlearnerlecture
bykairistiona
 
PPSX
Ids 008 buffer overflow
byjyoti_lakhani
 
PDF
Lecture #15: Buffer Overflow Attack (Non Malicious Attack)
byDr. Ramchandra Mangrulkar
 
PDF
IRJET - Buffer Overflows Attacks & Defense
byIRJET Journal
 
PPTX
Buffer overflow attack
byKrish
 
PPSX
Buffer overflow
byAmbuj Kumar
 
PPTX
fjfh mjgkj jkhglkjh jhlkh lhlkkhl kjhjkhjk
byahmed8790
 
PPTX
antoanthongtin_Lesson 3- Software Security (1).pptx
by23162024
 
PDF
Ceh v5 module 20 buffer overflow
byVi Tính Hoàng Nam
 
PPTX
Stack-Based Buffer Overflows
byDaniel Tumser
 
PDF
Buffer overflow attacks
bySandun Perera
 
PDF
Buffer overflow attacks
bySandun Perera
 
DOCX
What
byanity
 
PPTX
Buffer overflows
bySandun Perera
 
PDF
Buffer overflow null
bynullowaspmumbai
 
ODP
BufferOverflow - Offensive point of View
byToe Khaing
 
PDF
Advanced Arm Exploitation
byHimanshu Khokhar Jaat
 
PDF
Smashing The Stack
byDaniele Bellavista
 
PPTX
Control hijacking
byPrachi Gulihar
 
PPTX
Buffer overflow explained
byTeja Babu
 
Golf teamlearnerlecture
bykairistiona
 
Ids 008 buffer overflow
byjyoti_lakhani
 
Lecture #15: Buffer Overflow Attack (Non Malicious Attack)
byDr. Ramchandra Mangrulkar
 
IRJET - Buffer Overflows Attacks & Defense
byIRJET Journal
 
Buffer overflow attack
byKrish
 
Buffer overflow
byAmbuj Kumar
 
fjfh mjgkj jkhglkjh jhlkh lhlkkhl kjhjkhjk
byahmed8790
 
antoanthongtin_Lesson 3- Software Security (1).pptx
by23162024
 
Ceh v5 module 20 buffer overflow
byVi Tính Hoàng Nam
 
Stack-Based Buffer Overflows
byDaniel Tumser
 
Buffer overflow attacks
bySandun Perera
 
Buffer overflow attacks
bySandun Perera
 
What
byanity
 
Buffer overflows
bySandun Perera
 
Buffer overflow null
bynullowaspmumbai
 
BufferOverflow - Offensive point of View
byToe Khaing
 
Advanced Arm Exploitation
byHimanshu Khokhar Jaat
 
Smashing The Stack
byDaniele Bellavista
 
Control hijacking
byPrachi Gulihar
 
Buffer overflow explained
byTeja Babu
 

Recently uploaded

PDF
Admin Slides for Oct'25 semester - PB1_MC5.pdf
byGreat Files
 
PPTX
Exploring Entrepreneurial Qualities: A Curated Presentation for Grade 11 Busi...
bySamanthaNkoana
 
PDF
Nernst Distribution Law and factors affecting distribution constant
byMithil Fal Desai
 
PPTX
DO 34 s 2025 - ammendment of DO 24 s 2025.pptx
byJeanalynEstrellado3
 
PPTX
Nerve lecture 2:strength-duration curve and an introduction to action potential
bydina merzeban
 
PPTX
Capital Budgeting - Risk Analysis Using Sensitivity Analysis
bySundar B N
 
DOCX
Extension Education: From theory to practice by Dr Subin K Mohan.docx
byDrSubinKMohan
 
PPTX
Welcome to our Open Evening 2025 Ballinrobe CS
byjacollins1515
 
PPTX
Single entry System Vs Double entry System.pptx
bylavanyafranklin0804
 
PPTX
English Home Language & First Additional Language P2 Preparation.pptx
byMasingita Maswanganye
 
PPTX
How can education build trust in a polarised world_Jonathan James_OECD .pptx
byEduSkills OECD
 
PPTX
Essay Type Answer Writing Analysis Workshop.pptx
byDhatriParmar
 
PDF
Admin Slides for Oct'25 semester - PBO - MC1.pdf
byMark Kor
 
DOCX
PRESS STATEMENT - Response to Minority_ Press Ready.docx
bynservice241
 
PDF
Phase Equilibria and Colligative Properties.pdf
byMithil Fal Desai
 
PDF
Admin Slides for Oct'25 semester (Progression)
byGreat Files
 
PPTX
PECTORAL REGION.pptx Human anatomy,Bmls,
byKISMAT ALI
 
PPTX
ILA 2025 Prague CLS Presentation of Leadership journal
byjohanalvehus
 
PDF
Slit lamp parts 2/ppt/notes/download.pdf
byAnmol Singh
 
PPTX
Safety Needs and Prevention of environmental hazards.pptx
byAneetaSharma15
 
Admin Slides for Oct'25 semester - PB1_MC5.pdf
byGreat Files
 
Exploring Entrepreneurial Qualities: A Curated Presentation for Grade 11 Busi...
bySamanthaNkoana
 
Nernst Distribution Law and factors affecting distribution constant
byMithil Fal Desai
 
DO 34 s 2025 - ammendment of DO 24 s 2025.pptx
byJeanalynEstrellado3
 
Nerve lecture 2:strength-duration curve and an introduction to action potential
bydina merzeban
 
Capital Budgeting - Risk Analysis Using Sensitivity Analysis
bySundar B N
 
Extension Education: From theory to practice by Dr Subin K Mohan.docx
byDrSubinKMohan
 
Welcome to our Open Evening 2025 Ballinrobe CS
byjacollins1515
 
Single entry System Vs Double entry System.pptx
bylavanyafranklin0804
 
English Home Language & First Additional Language P2 Preparation.pptx
byMasingita Maswanganye
 
How can education build trust in a polarised world_Jonathan James_OECD .pptx
byEduSkills OECD
 
Essay Type Answer Writing Analysis Workshop.pptx
byDhatriParmar
 
Admin Slides for Oct'25 semester - PBO - MC1.pdf
byMark Kor
 
PRESS STATEMENT - Response to Minority_ Press Ready.docx
bynservice241
 
Phase Equilibria and Colligative Properties.pdf
byMithil Fal Desai
 
Admin Slides for Oct'25 semester (Progression)
byGreat Files
 
PECTORAL REGION.pptx Human anatomy,Bmls,
byKISMAT ALI
 
ILA 2025 Prague CLS Presentation of Leadership journal
byjohanalvehus
 
Slit lamp parts 2/ppt/notes/download.pdf
byAnmol Singh
 
Safety Needs and Prevention of environmental hazards.pptx
byAneetaSharma15
 

Buffer overflow

  • 1.
    BUFFER OVERFLOW Course Code: MISS1201 CourseName: Intrusion Management and Ethical Hacking Abu Juha Ahmed Muid Roll: 2054911004 MISS-2020 Bangladesh University of Professionals
  • 2.
    content  What’s abuffer?  What is buffer overflow?  Use of the Stack  Who is vulnerable to buffer overflow attacks?  How do attackers exploit buffer overflows?  What are the different types of buffer overflow attacks?  Buffer Overflow Example
  • 3.
     The sizeand complexity of software systems is growing, increasing the number of bugs. Many of these bugs constitute security vulnerabilities. Most common of these bugs is the buffer overflow vulnerability
  • 4.
    What’s a buffer? A buffer, or data buffer, is an area of physical memory storage used to temporarily store data while it is being moved from one place to another. These buffers typically live in RAM memory. Computers frequently use buffers to help improve performance; most modern hard drives take advantage of buffering to efficiently access data, and many online services also use buffers. For example, buffers are frequently used in online video streaming to prevent interruption. When a video is streamed, the video player downloads and stores perhaps 20% of the video at a time in a buffer and then streams from that buffer. This way, minor drops in connection speed or quick service disruptions won’t affect the video stream performance.  Buffers are designed to contain specific amounts of data. Unless the program utilizing the buffer has built-in instructions to discard data when too much is sent to the buffer, the program will overwrite data in memory adjacent to the buffer.
  • 5.
    What is bufferoverflow?  Buffer overflow is an anomaly that occurs when software writing data to a buffer overflows the buffer’s capacity, resulting in adjacent memory locations being overwritten. In other words, too much information is being passed into a container that does not have enough space, and that information ends up replacing data in adjacent containers.  Buffer overflows can be exploited by attackers with a goal of modifying a computer’s memory in order to undermine or take control of program execution. M I S S S T U D E N T
  • 6.
    Use of theStack  The stack is a region in a program's memory space that is only accessible from the top. There are two operations, push and pop, to a stack. A push stores a new data item on top of the stack, a pop removes the top item. Every process has its own memory space (at least in a decent OS), among them a stack region and a heap region. The stack is used heavily to store local variables and the return address of a function.
  • 7.
    Use of theStack  The stack is a region in a program's memory space that is only accessible from the top. There are two operations, push and pop, to a stack. A push stores a new data item on top of the stack, a pop removes the top item. Every process has its own memory space (at least in a decent OS), among them a stack region and a heap region. The stack is used heavily to store local variables and the return address of a function. A B C D D C B A Push Pop
  • 8.
  • 9.
  • 10.
    Who is vulnerableto buffer overflow attacks?  Certain coding languages are more susceptible to buffer overflow than others. C and C++ are two popular languages with high vulnerability, since they contain no built-in protections against accessing or overwriting data in their memory. Windows, Mac OSX, and Linux all contain code written in one or both of these languages.  More modern languages like Java, PERL, and C# have built-in features that help reduce the chances of buffer overflow, but cannot prevent it altogether.
  • 11.
    How do attackersexploit buffer overflows?  An attacker can deliberately feed a carefully crafted input into a program that will cause the program to try and store that input in a buffer that isn’t large enough, overwriting portions of memory connected to the buffer space. If the memory layout of the program is well-defined, the attacker can deliberately overwrite areas known to contain executable code. The attacker can then replace this code with his own executable code, which can drastically change how the program is intended to work.  For example if the overwritten part in memory contains a pointer (an object that points to another place in memory) the attacker’s code could replace that code with another pointer that points to an exploit payload. This can transfer control of the whole program over to the attacker’s code.
  • 12.
    What are thedifferent types of buffer overflow attacks?  There are a number of different buffer overflow attacks which employ different strategies and target different pieces of code.  Stack overflow attack - This is the most common type of buffer overflow attack and involves overflowing a buffer on the call stack.  Heap overflow attack - This type of attack targets data in the open memory pool known as the heap.  Integer overflow attack - In an integer overflow, an arithmetic operation results in an integer (whole number) that is too large for the integer type meant to store it; this can result in a buffer overflow.  Unicode overflow - A unicode overflow creates a buffer overflow by inserting unicode characters into an input that expect ASCII characters.
  • 13.
    How to protectagainst buffer overflow attacks  Luckily, modern operating systems have runtime protections which help mitigate buffer overflow attacks. Let’s explore 2 common protections that help mitigate the risk of exploitation:  Address space randomization - Randomly rearranges the address space locations of key data areas of a process. Buffer overflow attacks generally rely on knowing the exact location of important executable code, randomization of address spaces makes that nearly impossible.  Data execution prevention - Marks certain areas of memory either executable or non-executable, preventing an exploit from running code found in a non-executable area.  Software developers can also take precautions against buffer overflow vulnerabilities by writing in languages that have built-in protections or using special security procedures in their code.
  • 14.
    Buffer Overflow Example Function: the calling function written by the developer  Parameters: the parameters needed by the function  Return: it tells the program what to do after it has executed the function  Basepointer: marks the start of a function stack frame  Buffer: the allocated space for data  As you can see in the image above, memory is made of different parts. Between the stack and the heap, there is a buffer area, which allows both to grow during run time.  If we look at a stack in detail, we can see different sections:
  • 15.
    Buffer Overflow Example In this example, we have a program that allocated 20 bits of buffer. If we inject more than that amount, say 30 bits, the data will overflow.  Because of the nature of the memory, the data will overflow upwards towards the function. Once it gets to the return section, that is where the problems start.  If an attacker injects data in the return that points to the address of malicious code, the program will run it, causing severe consequences.
  • 16.
     Shellcodes aretypically injected into computer memory by exploiting stack or heap-based buffer overflows vulnerabilities, or format string attacks.
  • 17.
     GCC, theGNU Compiler Collection  https://gcc.gnu.org/  apt-get install gcc in linux  GDB: The GNU Project Debugger  https://www.gnu.org/software/gdb/  apt-get install gdb
  • 20.