Buffer overflows are a common weapon in the attacker's arsenal. In a basic buffer overflow, the attacker sends a specially crafted attack to a computer running software that's known to be vulnerable to buffer overflows. This attack has more data than can be contained in a section of memory known as the buffer. The excess data flows out of the buffer and into another area of memory and changes the normal process by which the computer operates. The computer will then execute the attacker's code as if it were part of the regular application or program.

If the attacker has written the attack code correctly, the computer will follow whatever instructions are in the code, such as enabling remote access, executing a program, or getting the attacker closer to complete control of the target. If the code is flawed, the application--and possibly the computer--will crash. Thus, even an unsuccessful buffer-overflow attack can disrupt service or otherwise harm the target.

The best defense against buffer overflows is to write code properly to prevent overflows in the first place. Unfortunately, a great many software applications still are created with overflow vulnerabilities, which means other defenses must be employed. Many host-based intrusion-protection systems include buffer-overflow protection as part of a larger defense against malware.

The classic paper describing buffer overflows is titled Smashing The Stack For Fun And Profit, by Aleph One. You can find it online at www.phrack.org by searching for issue 49-14. Also check out the books Security Warrior (O'Reilly, 2004) by Cyrus Peikari and Anton Chuvakin and Building Secure Software (Addison-Wesley, 2001) by John Viega and Gary McGraw.

Illustration courtesy of Andrew Shachat/Veer

Return to main story, Keep Attackers At Bay