Understanding Buffer Overflows


Exploiting a buffer overflow is an advanced hacking technique. However, it is a leading type of security vulnerability. To understand how a hacker can use a buffer overflow to infiltrate or crash a computer, you need to understand exactly what a buffer is.

A computer program consists of many different variables, or value holders. As a program is executed, these different variables are assigned a specific amount of memory as required by the type of information the variable is expected to hold. For example, a short integer only needs a little bit of memory, whereas a long integer needs more space in the computer's memory (RAM). There are many different possible types of variables , each with its own predefined memory length. The space set aside in the memory is used to store information that the program needs for its execution. The program will store the value of a variable in this memory space, and then pull the value back out of memory when needed. This virtual space is called a buffer .

A buffer overflow attack deliberately enters more data than a program was written to handle. The extra data "overflows" the region of memory set aside to accept it, thus overwriting another region of memory that was meant to hold some of the program's instructions. In the ideal attack, the overflow values introduced become new instructions that give the attacker control of the target processor.

A successful buffer overflow hack is difficult to execute. However, even if the buffer overflow fails somewhere during its execution, it will most likely cause problems for the target computer. Because of the delicate nature of computer memory, a failed buffer overflow will often result in a computer crash. The program that originally allocated the segment of memory that was overwritten will not check to see whether the data has changed. Therefore, it will attempt to use the information stored there and will assume it is the same information it had placed there previously. For example, when the program goes to look for a number that is used to calculate the price of tea and instead gets the word "Bob," the program will not know what to do.

Although you might not consider your system worthy of such a technically difficult attack, there are many pre-made programs that script kiddies use against known buffer overflow vulnerabilities. In fact, in the case of the previously mentioned vulnerability found in Microsoft's IIS server, it was not long after the hole was found that a program enabled even the most computer illiterate hacker to perform a buffer overflow with ease. This same type of vulnerability can be found in software on the average home or small business user 's computer. It is simply a matter of what programs are installed on your computer, and if there are any well-known vulnerabilities for the installed software. All it takes is one script kiddie who has a pre-made hacker program to create a huge headache for you.

For this reason, you must be aware of what software you are running on your computer. Keep a watchful eye out for vendor-released security patches. If a vulnerability is found, download and install the patch as soon as it is available from the manufacturer.



Maximum Wireless Security
Maximum Wireless Security
ISBN: 0672324881
EAN: 2147483647
Year: 2002
Pages: 171

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net