GHI

1. In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly
2. where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites
3. adjacent memory locations.
4.  
5. Buffers are areas of memory set aside to hold data, often while moving it fro*m one section of a
6. program to another, or between programs. Buffer overflows can often be triggered by malformed inputs;
7. if one assumes all inputs will be smaller than a certain size and the buffer is created to be that
8. size, then an anomalous transaction that produces more data could cause it to write past the end of
9. the buffer. If this overwrites adjacent data or executable code, this may result in erratic program
10. behavior, including memory access errors, incorrect results, and crashes.
11.  
12. Buffer Overflow • A buffer overflow condition exists when a program attempts to put more data in
13. a buffer than it can hold or when a program attempts to put data in a memory area past a buffer.
14. In this case, a buffer is a sequential section of memory allocated to contain anything fro*m
15. a character string to an array of integers. Writing outside the bounds of a block of allocated memory
16. can corrupt data, crash the program, or cause the execution of malicious code. • Buffer overflow
17. is probably the best known form of software security vulnerability. Most software developers know
18. what a buffer overflow vulnerability is, but buffer overflow attacks against both legacy and newly-
19. developed applications are still quite common. Part of the problem is due to the wide variety of
20. ways buffer overflows can occur, and part is due to the error- prone techniques often used to prevent them.
21.  
22.  
23. Contd... • Exploiting a buffer overflow allows an attacker to control or crash the process
24. or to modify its internal variables. Buffer overflow always ranks high in the Common Weakness
25. Enumeration/SANS Top 25 Most Dangerous Software Errors and is specified as CWE-120 under the Common
26. Weakness Enumeration dictionary of weakness types. Despite being well understood, buffer overflows
27. continue to plague software fro*m vendors both large and small. • A buffer overflow can occur
28. inadvertently, but it can also be caused by a malicious actor sending carefully crafted input to
29. a program that then attempts to store the input in a buffer that isn't large enough for that input.
30. If the excess data is written to the adjacent buffer, it overwrites any data held there. If
31. the original data includes the exploited Function’s return pointer -- the address to which the process
32. should go next -- an attacker can set the new values to point to an address of his choosing. The attacker
33. usually sets the new values to point to a location where the exploit Payload has been positioned.
34. This alters the execution path of the process and effectively transfers control to the attacker's malicious code.