Buffer Overflow Exploits
CS-480b
Dick Steflik
What is a buffer overflow?
Memory
  global static
  heap
    malloc( ), new
  stack
    non-static local variables
    value parameters
A buffer is a contiguously allocated chunk of memory.
A buffer overflow occurs anytime we put more data into a data structure than it was designed for.
Side Effects
A buffer overflow may have these side effects:
  the program may work strangely
  the program may fail
  the program may continue without any noticeable problems
Side Effects Depend on:
  How much data was written past the end of the buffer
  What data (if any) are overwritten
  Whether the program attempts to read data that are overwritten
  What data ends up replacing the memory that gets overwritten
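Added example, not from the original slides: a C sketch of a fixed-size buffer with a neighbouring field, showing how the outcome depends on how many bytes land past the buffer and what they replace, with a bounded copy beside it. The struct `record`, its `quota` field and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: a fixed-size buffer followed by unrelated data. */
struct record {
    char     name[8];   /* the buffer */
    unsigned quota;     /* adjacent field an overrun reaches first */
};

/* Models an unchecked copy: writes len bytes from name[0] onward and never
 * consults sizeof name. The write is capped at sizeof *r and goes through
 * the struct's own bytes, so the demo stays well-defined. */
size_t unchecked_copy(struct record *r, const char *src, size_t len)
{
    if (len > sizeof *r)
        len = sizeof *r;
    memcpy((unsigned char *)r, src, len);
    return len > sizeof r->name ? len - sizeof r->name : 0; /* bytes past buffer */
}

/* Hardened form: reject input that does not fit and leave the record alone. */
int bounded_copy(struct record *r, const char *src, size_t len)
{
    if (len >= sizeof r->name)      /* one byte is kept for the terminator */
        return -1;
    memcpy(r->name, src, len);
    r->name[len] = '\0';
    return 0;
}

/* Runs one input through either copy and returns quota afterwards. */
unsigned quota_after(const char *src, size_t len, int hardened)
{
    struct record r = { "", 100 };
    if (hardened)
        bounded_copy(&r, src, len);
    else
        unchecked_copy(&r, src, len);
    return r.quota;
}

int main(void)
{
    printf("8 bytes, unchecked:  quota=%u\n", quota_after("AAAAAAAA", 8, 0));
    printf("12 bytes, unchecked: quota=%u\n", quota_after("AAAAAAAAAAAA", 12, 0));
    printf("12 bytes, bounded:   quota=%u\n", quota_after("AAAAAAAAAAAA", 12, 1));
    return 0;
}
```

Building real code with the compiler's bounds checking enabled (for example `-D_FORTIFY_SOURCE=2` or `-fsanitize=address` on GCC and Clang) turns an overrun of this kind into an immediate abort instead of silent corruption.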
Three Basic Attacks
Overrun a static buffer
  hurts data, but little to no exposure for loss of control
Stack smashing
  place attack code in memory, find some sloppy use of the runtime stack, use stack to transfer control to attack code
Heap overflow
  much harder to exploit as there isn’t usually a mechanism to gain control