Wednesday, April 15, 2020

Buffer Oveflow Vulnerability


Buffer Overflow Vulnerability

A buffer overflow, or buffer overrun, is a common program coding botch that an attacker might exploit to pick up access to your framework. To successfully moderate buffer flood vulnerabilities, it is vital to understand what buffer overflows are, what threats they pose to your applications, and what methods attackers utilize to effectively take advantage of these vulnerabilities.

Before getting to what a a buffer overflow is, lets first understand what a buffer is exactly. A buffer is a successive segment of memory designated to contain anything from a character string to an array of integers.

Now as to what a buffer overflow is exactly, a buffer happens when more data is inserted into a buffer than what a buffer can hold. The additional data, which has to go some place, can overflow into a neighboring memory space, adulterating or overwriting the data already held in that space. This usually results in a system crash as some data important for system software could be overwritten, but it also makes the opportunity for an attacker to run a subjective code or manipulate the coding erros to blunder to incite malicious actions.

There are quite a few programming languages prone to buffer overflow attacks.  But the extent of a possible attack depends on the type of the programming language used to write the program. This is because some programming languages are not susceptible to buffer overflow attacks while others are.
For example, languages such as Perl and Javascript have inbuilt protection against buffer overflow attacks. However, languages C, C++, Fortran and even Assembly language do not possess such features. As such, those languages could allow the attacker to fully compromise the targeted system.

Cybercriminals abuse buffer overflow vulnerabilities to alter the execution path of the application by overwriting segments of its memory. The malicious additional data may contain code outlined to trigger particular activities - in effect sending new instructions to the attacked application that result in unauthorized access to the system. Attacker techniques that exploit buffer overflow vulnerability are different according to the architecture and operating system.

Countermeasures against Buffer Overflow

  • The stack can be made non-executable, so even if malicious code is placed in the buffer, it cannot be executed. 
  • The operating system may randomize the memory layout of the address space (memory space). In such a case, when malicious code is placed in a buffer, the attacker cannot predict its address. 
  • Other protection techniques (for example, StackGuard) modify a compiler in such a way that each function calls a piece of code that verifies whether the return address has not changed.
  • Use of safe functions which are inbuilt in certain softwares.
    • e.g. :- strlcpy, strlcat, snprintf (OpenBSD) or strcpy_s, strcat_s, sprintf_s (Windows)


This video link below might give you a better understanding on buffer overflow vulnerability.
https://youtu.be/Qjw46rEkiQo