The document discusses buffer overflow bugs and provides a simple example of exploiting one. It begins with defining key terms like vulnerability, exploit, patch, and zero-day exploit. It then explains what a buffer overflow is - when a program writing data to a buffer overruns its boundary and overwrites adjacent memory locations. The document demonstrates a real-world example program that causes a crash due to a buffer overflow and how that overflow could be exploited. It concludes with some useful resources for further information.
1. Buffer Overflow Bugs
And Simple Example of Exploiting
Mehdi Esmaeilpour
University of Applied Science and Technology
2. Contents
● Some Keywords
● Memory Space
● Simple Example of Buffer Overflow Bug
● Simple Example of BOF Exploits
● Useful Resources
3. Some Keywords
● Bug or Vulnerability
● Exploit
● Patch
● 0day Exploit (zero day exploit)
● Buffer Overflow
4. Bug or Vulnerability
● A vulnerability is a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application.
5. Exploit
● An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). Such behavior frequently includes things like gaining control of a computer system, allowing privilege escalation, or a denial-of-service (DoS or related DDoS) attack.
6. Patch
● A patch is a piece of software designed to update a computer program or its supporting data, to fix or improve it. This includes fixing security vulnerabilities and other bugs, with such patches usually called bugfixes or bug fixes, and improving the usability or performance.
7. 0day Exploit or Bug
● A zero-day (also known as zero-hour or 0-day or day zero) vulnerability is an undisclosed computer-software vulnerability that hackers can exploit to adversely affect computer programs, data, additional computers or a network.
8. Buffer Overflow
● In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations.
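The definition above, shown as an added example that is not part of the original slides: an 8-byte buffer and its neighbouring data are modelled inside one array, and the same oversized input is written once without a length check and once with one. The names `region`, `write_unchecked` and `write_checked` are hypothetical, and the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>
#define BUF_SIZE 8
#define ADJ_SIZE 8
/* Constructed memory model: mem[0..7] is the buffer, mem[8..15] is the
   adjacent data. One array keeps the demonstration well-defined C. */
struct region { unsigned char mem[BUF_SIZE + ADJ_SIZE]; };

static void region_init(struct region *r) {
    memset(r->mem, 0, BUF_SIZE);
    memcpy(r->mem + BUF_SIZE, "ADJACENT", ADJ_SIZE);
}

static int adjacent_intact(const struct region *r) {
    return memcmp(r->mem + BUF_SIZE, "ADJACENT", ADJ_SIZE) == 0;
}

/* Unchecked write: never compares len with BUF_SIZE (clamped to the
   model only so this demo cannot leave the array). */
static void write_unchecked(struct region *r, const char *src, size_t len) {
    if (len > sizeof r->mem) len = sizeof r->mem;
    memcpy(r->mem, src, len);
}

/* Checked write: rejects input that does not fit the buffer. */
static int write_checked(struct region *r, const char *src, size_t len) {
    if (len > BUF_SIZE) return -1;
    memcpy(r->mem, src, len);
    return 0;
}

/* Returns 1 when a 12-byte write into the 8-byte buffer changed the neighbour. */
int overrun_corrupts_adjacent(void) {
    struct region r; region_init(&r);
    write_unchecked(&r, "XXXXXXXXXXXX", 12);
    return !adjacent_intact(&r);
}

/* Returns 1 when the same input is rejected and the neighbour is untouched. */
int checked_write_protects(void) {
    struct region r; region_init(&r);
    return write_checked(&r, "XXXXXXXXXXXX", 12) == -1 && adjacent_intact(&r);
}

int main(void) {
    printf("unchecked write corrupts adjacent data: %d\n", overrun_corrupts_adjacent());
    printf("checked write protects adjacent data:   %d\n", checked_write_protects());
    return 0;
}
```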