The document discusses buffer overflow attacks and their prevention. It explains the memory layout of programs, how buffer overflows work by overflowing the buffer and overwriting return addresses on the stack to execute injected code, and demonstrates this on a vulnerable program to gain root access. It recommends ways to prevent buffer overflows, such as using programming languages that manage memory, input validation, disabling stack execution, patching systems, and using security features like stack canaries, ASLR, and DEP.
Understand and Exploit Buffer Overflow by Riddhi Shree - Software Security Bangalore - May 27 2017
1. It’s a Stack! Let’s Smash It!!
By: Riddhi Shree (Senior Principal Test Specialist), Prowareness Software Services
2. Objectives:
1. Structure of program memory
2. Events necessarily required for performing a buffer-overflow attack
3. DEMO: A vulnerable code exploited to gain root shell access of the system
4. Prevention & Mitigation
8. Continued…
2. Determine the size of the buffer, by growing and shrinking the number of characters we input into the buffer. As soon as we determine the exact number of characters it takes to crash the program, we have completed Step 2.
10. Continued…
4. There must be security-sensitive variables or executable program instructions stored below the buffer in memory.
Stack layout after CALL authenticate() (high memory address at the top, low memory address at the bottom):
• string2
• string1
• EIP (return address)
• EBP (stack frame pointer)
• buffer1
• buffer2
14. Prevention & Mitigation:
1. Use a programming language, such as Java, Python or Ruby, that manages memory for you.
2. If you must use C, ensure that you perform proper bounds checks before writing to a buffer.
3. Disable stack execution.
4. Eliminate the use of flawed library functions.
5. Mitigate the damage a buffer overflow can cause:
• Stack canaries
• DEP
• ASLR
6. Use safe library modules.
7. Use source code scanning tools.
8. Patch the operating system and application.
1) Use a programming language, such as Java, Python or Ruby, that manages memory for you. If you must use C, ensure that you perform proper bounds checks before writing to a buffer.
2) The second technique involves mitigating the damage a buffer overflow can cause. Techniques like stack canaries, DEP and ASLR fall under this category. They limit the damage a buffer overflow can cause by making it more difficult for an attacker to execute arbitrary code after an overflow. Such techniques can be defeated.
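As an added illustration of points 1) and 2) above (this code is not from the original slides), the following C places the flawed strcpy() pattern beside a length-checked copy; the function names, the 16-byte buffer and the probe helper are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16   /* assumed buffer size for the example */

/* "Before": the classic flawed pattern. strcpy() does not know how big
 * buffer is, so any input of BUF_SIZE bytes or more runs past the end
 * and overwrites what sits above it on the stack (saved EBP, EIP). */
int greet_unchecked(const char *name)
{
    char buffer[BUF_SIZE];
    strcpy(buffer, name);            /* no bound: overflow if strlen(name) >= BUF_SIZE */
    return (int)strlen(buffer);
}

/* "After": check the length before writing. Oversized input is rejected
 * (return -1) rather than silently truncated, so the caller sees the
 * bad input instead of processing a mangled value. */
int greet_checked(const char *name)
{
    char buffer[BUF_SIZE];
    size_t len = strlen(name);
    if (len >= BUF_SIZE)             /* leave room for the terminating NUL */
        return -1;
    memcpy(buffer, name, len + 1);   /* bounded copy, NUL included */
    return (int)len;
}

/* Mirrors the "grow the input until it crashes" step from the slides, but
 * against the checked version: a string of n 'A's is constructed and the
 * boundary shows up as a refusal (-1) instead of a crash. */
int probe(size_t n)
{
    char input[64];                  /* constructed sample input */
    if (n >= sizeof input)
        return -1;
    memset(input, 'A', n);
    input[n] = '\0';
    return greet_checked(input);
}

int main(void)
{
    for (size_t n = 12; n <= 20; n++)
        printf("%zu bytes -> %d\n", n, probe(n));
    return 0;
}
```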
Reference:
https://security.stackexchange.com/questions/18556/how-do-aslr-and-dep-work