
Buffer overflow

  • 21-03-2003 10:58am
    #1
    Registered Users Posts: 23,212 ✭✭✭✭


    I notice there is another flaw discovered in Microsoft software, this time it is in IIS.

    All the serious flaws we have seen over the past while seem to have something to do with a buffer overflow. Can somebody explain what this is and how it allows malicious users to gain access to machines?

    I believe the SQL slammer from a few weeks back also utilised a buffer overflow mechanism to replicate itself, didn't it?

    Thanks,

    TD.


Comments

  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    Basically it occurs where a program allocates a certain amount of space (buffer) to contain some information, and then through a miscalculation or a lack of checking, it attempts to write more information into the buffer than the buffer can contain.

    Typically there is useful information lying next to or near that buffer, such as a return address for the program to jump to when it returns from the current function, and an attacker may be able to manipulate the flow of control in the program, sometimes towards other instructions that they have been able to place in the program's memory.

    That's a fairly typical situation, but assumes certain things about the layout of a binary, that the overflow is on the stack, and that the program's activation records are on the stack. Overflows can affect programs in many other ways. If you want to look into things in more depth, then check out the following resources:

    Summary of defense methods against buffer overflows (good bibliography of links at the end).
    http://www.mcs.csuhayward.edu/~simon/security/boflo.html

    Smashing the stack for fun and profit:
    http://www.insecure.org/stf/smashstack.txt

    Heap overflows:
    http://www.w00w00.org/files/articles/heaptut.txt

    Exploiting a single byte buffer overflow:
    http://www.securityfocus.com/archive/1/10884

    The first link there links to the Tao of Windows buffer overflow.


  • Closed Accounts Posts: 7,230 ✭✭✭scojones


    Ah smashing the stack for fun and profit. A classic.


  • Closed Accounts Posts: 1,414 ✭✭✭tom-thebox


    Might toss in a bit of info here on how hackers, coders, researchers and so on actually spot buffer overflows.

    Most readers will know that a buffer overflow is basically a problem which is based in the memory where a program stores data.

    The trick is to get something you want, i.e. shellcode, into the place where the buffer overflow overwrites specific memory, so you can get your code to do what it's got to do.

    Here's some code which may shed light on things for some people; this piece was grabbed from the web.

    Partial code below

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>

    int main(int argc, char **argv) {

    char *somevar;
    char *important;

    if (argc < 2) return 1;

    somevar = (char *)malloc(sizeof(char)*4);
    important = (char *)malloc(sizeof(char)*14);

    strcpy(important, "command"); /* This one is the important variable */
    strcpy(somevar, argv[1]);     /* unchecked copy: anything longer than 3 chars
                                     runs past somevar into whatever follows it */

    ..... Code here ....

    }

    .... Other functions here ....

    End Of Partial Code


    So let's say that important variable stores some system command like, let's
    say, "chmod o-r file", and since that file is owned by root the program is run
    under the root user too. This means that if you can send commands to it, you can
    execute ANY system command. So you start thinking: how the hell can I put
    something that I want in the important variable? Well, the way is to overflow
    the memory so we can reach it. But let's see the variables' memory addresses.
    To do that you need to rewrite the code. Check the following code.


    Partial Code

    #include <stdio.h>
    #include <stdlib.h>

    int main (int argc, char **argv) {

    char *somevar;
    char *important;

    somevar=(char *)malloc(sizeof(char)*4);
    important=(char *)malloc(sizeof(char)*14);

    printf("%p\n%p\n", somevar, important); /* print the address of each buffer */
    exit(0);                                 /* leave before the rest of main runs */

    rest of code here

    }

    End of Partial Code

    Well, we added 2 lines in the source code and left the rest unchanged. Let's
    see what those two lines do.
    The printf("%p\n%p", somevar, important); line will print the memory
    addresses for the somevar and important variables. The exit(0); will just keep the
    rest of the program running; after all, you don't want it for anything, your goal
    was to know where the variables are stored.

    That piece may open some people's eyes, for others maybe not
    :cool:
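    As an added example (not from this thread, and not from the Ghost_Rider paper tom-thebox is quoting), here is a small C program that shows the two ideas above together: ecksor's point that an unchecked write spills into whatever data sits next to the buffer, and the heap layout in the pasted code where a 4-byte somevar is followed by a 14-byte important. It assumes the two buffers sit back to back in one 18-byte arena instead of real malloc chunks (real allocators add headers and padding, so the distance varies), and the input string "AAAAid" is a constructed sample. The unchecked copy is placed beside a bounded version that refuses input which does not fit.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the two heap blocks in the post: 4 bytes for
   somevar immediately followed by 14 bytes for important. Real malloc
   layouts vary (chunk headers, alignment), so this adjacency is an
   assumption made to keep the demonstration deterministic. */
#define SOMEVAR_SIZE   4
#define IMPORTANT_SIZE 14
#define ARENA_SIZE     (SOMEVAR_SIZE + IMPORTANT_SIZE)

typedef struct {
    char bytes[ARENA_SIZE];
} arena_t;

#define SOMEVAR(a)   ((a)->bytes)
#define IMPORTANT(a) ((a)->bytes + SOMEVAR_SIZE)

/* Put the trusted value into important, as strcpy(important, "command")
   does in the posted code, and zero everything else. */
void arena_init(arena_t *a) {
    memset(a->bytes, 0, ARENA_SIZE);
    memcpy(IMPORTANT(a), "command", sizeof "command");
}

const char *somevar_value(const arena_t *a)   { return SOMEVAR(a); }
const char *important_value(const arena_t *a) { return IMPORTANT(a); }

/* Emulates strcpy(somevar, argv[1]): copies up to and including the NUL
   without ever asking how large the destination is. Returns how many bytes
   landed beyond somevar (0 means no overflow). It only clips at the arena
   end so the emulation itself stays in bounds; a real strcpy would not. */
int unchecked_copy(arena_t *a, const char *input) {
    size_t n = strlen(input) + 1;   /* bytes strcpy would write */
    int clipped = 0;
    if (n > ARENA_SIZE) { n = ARENA_SIZE; clipped = 1; }
    memcpy(SOMEVAR(a), input, n);
    if (clipped) a->bytes[ARENA_SIZE - 1] = '\0';  /* keep the arena printable */
    return n > SOMEVAR_SIZE ? (int)(n - SOMEVAR_SIZE) : 0;
}

/* Bounded version: the length check is the thing the posted code lacks.
   Input that does not fit (including its NUL) is rejected outright, so the
   neighbouring block is never touched. */
int checked_copy(arena_t *a, const char *input) {
    size_t len = strlen(input);
    if (len >= SOMEVAR_SIZE) {
        fprintf(stderr, "rejected: %zu-byte input does not fit in a %d-byte buffer\n",
                len, SOMEVAR_SIZE);
        return -1;
    }
    memcpy(SOMEVAR(a), input, len + 1);
    return 0;
}

int main(int argc, char **argv) {
    arena_t a;
    /* "AAAAid" is a constructed sample: four filler bytes, then the text
       that ends up in important. */
    const char *input = argc > 1 ? argv[1] : "AAAAid";

    arena_init(&a);
    printf("before:    important = \"%s\"\n", important_value(&a));

    int spilled = unchecked_copy(&a, input);
    printf("unchecked: %d byte(s) spilled, important = \"%s\"\n",
           spilled, important_value(&a));

    arena_init(&a);
    int rc = checked_copy(&a, input);
    printf("checked:   rc=%d, important = \"%s\"\n", rc, important_value(&a));
    return 0;
}
```

    Run without arguments it uses the sample; pass your own string as argv[1] to see how many bytes spill for a given length. The point for anyone writing C: the fix is not a cleverer layout but a destination size that the copy actually checks.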


  • Registered Users Posts: 1,982 ✭✭✭ObeyGiant


    At least post your source, so people can read more, if they want to.


  • Closed Accounts Posts: 1,414 ✭✭✭tom-thebox


    That's it, the one by Ghost_Rider from the hack.co.za archive run by gov-boi.

    Here's some other links to more papers:

    http://www.linux.com.cn/hack.co.za/papers/basicoverflows/index.html

    http://www.linux.com.cn/hack.co.za/papers/advancedoverflows/index.html


  • Closed Accounts Posts: 7,346 ✭✭✭Rev Hellfire


    The copy and paste skills on this forum truly amaze me :p
    now back to lurking.


  • Closed Accounts Posts: 1,414 ✭✭✭tom-thebox


    yeah god bless my clip board :D

