1.
Buffer Overflow Explained

2.
What is buffer overflow?
How a buffer overflow happens
How to avoid overrun?

3.
What is buffer overflow?
• Buffer overflow are responsible for many
vulnerabilities in operating system as well as
application programs.
• It’s a quiet technical freaky , it includes
program source code , assembler listing , and
debugging usage , which almost scares away
lot of people without solid programming
knowledge.

4.
Cause :
Buffer overflow attack have been there for a long
time. It still exists partly because of the
carelessness of the developer in the code.
Prevention :
Avoid writing bad codes

5.
How a buffer overflow happens ?
• The ultimate purpose of any program that runs on a
computer is to process data of some kind.
• Most don’t operate on fixed data, but on data that is
ultimately provided by user, possibly pre-processed in
some fashion.
• The program needs to store data some where in
computer’s memory, and this is point where problem starts
• Buffer overflows are a common vulnerability on all
platforms, but are by far the most commonly exploited bug
on the linux/unix Operating systems.
• Commonly buffer overflows are exploited to change the
flow in a programs execution, so that it points to a different
memory address or overwrites crucial memory segments.

6.
EX :
#include
#include int main(int argc, char **argv)
{
char buff[512];
if(argc < 2)
{
printf('Usage: %s n', argv[0]);
exit(0);
}
strcpy(buff, argv[1]);
printf('Your name: %sn', buff);
return 0;
}

7.
lets try by giving this program a test:
Normal Execution :
Demo@root:~/tut > gcc vuln1.c -o vuln1
Demo@root:~/tut > ./vuln1
Usage: ./vuln1
Demo@root:~/tut > ./vuln1 mercy
Your name: Fr3@k
Demo@root:~/tut >
Demo@root:~/tut > ./vuln1 `perl -e'print 'A' x 516' ` Your name:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Segmentation fault (core dumped)
As we can see, this program is fully functional, and does what it is required to
do. But lets see what happens when we fill buff (argv[1]) with more than 512
chars:

8.
What happened there?

9.
• The program crashed due to a segmentation fault
- we filled the buffer with more data than it was
defined to hold, ending in an illegal address
violation.
• (Note: if you did not get a core dump it is most
likely because you have not set a limit, at the
command prompt type: ulimit -c unlimited: if this
fails still, make sure you have write access in the
executing directory, and make sure that the file is
not suid, you will not get core dumps on suid
files.)

10.
How to avoid overrun?

11.
Use of safe libraries
• The problem of buffer overflows is common in the C
and C++ languages because they expose low level
representational details of buffers as containers for
data types. Buffer overflows must thus be avoided by
maintaining a high degree of correctness in code which
performs buffer management. It has also long been
recommended to avoid standard library functions
which are not bounds checked, such
as gets, scanf and strcpy.
• Well-written and tested abstract data type libraries
which centralize and automatically perform buffer
management, including bounds checking, can reduce
the occurrence and impact of buffer overflows.

12.
Some Unix operating systems (e.g. OpenBSD, Mac
OS X) ship with executable space protection
(e.g. W^X). Some optional packages include:
PaX
Exec Shield
Openwall
Newer variants of Microsoft Windows also support
executable space protection, called Data Execution
Prevention. Proprietary add-ons include:
– BufferShield
– StackDefender