Lecture #14: Buffer Overflow Attack
Program and OS Security - Part III
Dr.Ramchandra Mangrulkar
September 3, 2020
Dr.Ramchandra Mangrulkar Lecture #14: Buffer Overflow Attack September 3, 2020 1 / 12
Contents
Non-Malicious programming errors:
Buffer overflow
Incomplete Mediation
Race Condition
Covert Channel
Buffer
A buffer holds data that is stored for a short amount of time, typically in the computer's memory (RAM), right before it is used.
When you download an audio or video file from the Internet, the player may load the first 20% of it into a buffer and then begin to play. While the clip plays back, the computer continually downloads the rest of the clip and stores it in the buffer.
What's the advantage? Without the buffer, the audio or video would stall or skip whenever there is network congestion.
Buffer Overflow
Buffer overflow errors are characterized by the overwriting of memory fragments of the process that should never have been modified, whether intentionally or unintentionally.
Overwriting the values of the IP (Instruction Pointer), BP (Base Pointer) and other registers causes exceptions, segmentation faults and other errors to occur.
These errors end execution of the application in an unexpected way.
Buffer overflow errors typically occur when we operate on buffers of char type.
Types of Buffer Overflow Attacks
Stack-based buffer overflows are more common; they leverage stack memory that exists only during the execution of a function.
Heap-based attacks are harder to carry out; they involve flooding the memory space allocated to a program beyond the memory used for its current runtime operations.
Example of Buffer Overflow
(Source 1)
[Slides 6 and 7: the example program and its output were shown as images and are not reproduced in this text.]
Buffer Overflow Analysis
The program calls a function that operates on a char buffer and performs no check against overflowing the size assigned to that buffer. As a result, it is possible to intentionally or unintentionally store more data in the buffer than it can hold, which will cause an error. The following question arises: the buffer stores only eight characters, so why did printf() display twelve?
The answer comes from the process memory organisation. The four characters that overflowed the buffer also overwrote the value stored in one of the registers, which was necessary for the correct function return. Because printf() keeps printing until it reaches a terminating NUL byte, memory continuity resulted in printing out the data stored in this adjacent memory area as well.
How are buffer overflow errors made?
Unsafe function -> safer replacement:
gets() -> fgets() - read characters
strcpy() -> strncpy() - copy the contents of a buffer
strcat() -> strncat() - buffer concatenation
sprintf() -> snprintf() - fill a buffer with data of different types
(f)scanf() - read from STDIN
getwd() - return the working directory
realpath() - return the absolute (full) path
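Added example (not from the slides): a constructed C model of the analysis slide's eight-character buffer followed by a saved value, filled with the unchecked, strncpy() and snprintf() patterns from the list above. The frame layout, the sizes and the helper names are assumptions for illustration; the block also shows the caveat that strncpy() leaves a truncated string unterminated.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a stack frame (an assumption, not a real frame):
 * an 8-byte char buffer immediately followed by a 4-byte saved value,
 * the "memory continuity" of the analysis slide. Both live in one array,
 * so every access stays inside a single object: well-defined C that
 * still shows the overwrite. */
#define BUF_SIZE   8
#define FRAME_SIZE 16
struct frame_model { unsigned char bytes[FRAME_SIZE]; };

static void frame_init(struct frame_model *f, uint32_t saved)
{
    memset(f->bytes, 0, FRAME_SIZE);
    memcpy(f->bytes + BUF_SIZE, &saved, sizeof saved);
}

static uint32_t frame_saved(const struct frame_model *f)
{
    uint32_t v;
    memcpy(&v, f->bytes + BUF_SIZE, sizeof v);
    return v;
}

/* Each copy function returns what printf("%s", buffer) prints afterwards.
 * strcpy()/gets() pattern: no bound on the destination at all. */
static size_t copy_unchecked(struct frame_model *f, const char *src)
{
    size_t n = strlen(src);
    if (n > FRAME_SIZE - 1) n = FRAME_SIZE - 1;  /* keep the model in bounds */
    memcpy(f->bytes, src, n + 1);
    return strlen((const char *)f->bytes);
}

/* strncpy() pattern: bounded, but leaves no terminator when src is too
 * long, so printf("%s") still reads on into the saved value. */
static size_t copy_strncpy(struct frame_model *f, const char *src)
{
    strncpy((char *)f->bytes, src, BUF_SIZE);
    return strlen((const char *)f->bytes);
}

/* snprintf() pattern: bounded and always NUL-terminated. */
static size_t copy_snprintf(struct frame_model *f, const char *src)
{
    snprintf((char *)f->bytes, BUF_SIZE, "%s", src);
    return strlen((const char *)f->bytes);
}
```

With a twelve-character input the unchecked copy reports twelve printed characters and a clobbered saved value, the strncpy() copy keeps the saved value but still prints twelve, and only the snprintf() copy stays within the buffer.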
What Programming Languages are More Vulnerable
C and C++ are two languages that are highly susceptible to buffer overflow attacks, as they have no built-in safeguards against overwriting or accessing data in their memory.
Mac OS X, Windows and Linux all use code written in C and C++.
Languages such as Perl, Java, JavaScript and C# use built-in safety mechanisms that minimize the likelihood of buffer overflow.
How to Prevent Buffer Overflows
Address space layout randomization (ASLR): randomly moves the address space locations of data regions. Typically, buffer overflow attacks need to know the location of executable code, and randomizing address spaces makes this virtually impossible.
Data execution prevention (DEP): flags certain areas of memory as non-executable or executable, which stops an attack from running code in a non-executable region.
Structured exception handler overwrite protection (SEHOP): helps stop malicious code from attacking Structured Exception Handling (SEH), a built-in system for managing hardware and software exceptions. It thus prevents an attacker from making use of the SEH overwrite exploitation technique.
Linearization Attack Example
Cracking a password based on password verification time (Password = "S123N456").
For efficiency, the check is made one character at a time. Can an attacker take advantage of this?
Correct password: verification time is maximum.
Incorrect password: verification time is minimum, because the check stops at the first mismatch.
The attacker tries all 1-character strings and finds that "S" takes longer.
The attacker tries all 2-character strings "S*" and finds "S1".
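Added example (not part of the slides): the early-exit check described above beside a check that examines every character regardless of where the first mismatch is. The function names and the step counter that stands in for measured verification time are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed password taken from the slide. */
static const char STORED_PASSWORD[] = "S123N456";

/* Early-exit check as the slide describes: stops at the first mismatch.
 * 'steps' counts characters examined, a stand-in for verification time. */
static int check_early_exit(const char *guess, size_t *steps)
{
    size_t i;
    *steps = 0;
    for (i = 0; STORED_PASSWORD[i] != '\0'; i++) {
        (*steps)++;
        if (guess[i] != STORED_PASSWORD[i])
            return 0;                /* mismatch: stop right here */
    }
    return guess[i] == '\0';         /* accept only an exact match */
}

/* Mitigation: examine every stored character, accumulating differences
 * with OR instead of branching, so 'steps' no longer depends on the guess. */
static int check_constant_time(const char *guess, size_t *steps)
{
    size_t glen = strlen(guess), plen = sizeof STORED_PASSWORD - 1;
    unsigned char diff = (unsigned char)(glen != plen);
    size_t i;
    *steps = 0;
    for (i = 0; i < plen; i++) {
        /* never read past the guess; a short guess contributes zeros */
        unsigned char g = (i < glen) ? (unsigned char)guess[i] : 0;
        diff |= (unsigned char)(g ^ (unsigned char)STORED_PASSWORD[i]);
        (*steps)++;
    }
    return diff == 0;
}

int main(void)
{
    const char *guesses[] = { "X", "S", "S1", "S123N456" };
    size_t k, s1, s2;
    for (k = 0; k < 4; k++) {
        int a = check_early_exit(guesses[k], &s1);
        int b = check_constant_time(guesses[k], &s2);
        printf("%-9s early-exit ok=%d steps=%zu | constant-time ok=%d steps=%zu\n",
               guesses[k], a, s1, b, s2);
    }
    return 0;
}
```

The early-exit step count grows with each correctly guessed prefix character, which is exactly the signal the slide's attacker reads; the second check performs the same work for every guess. Real systems compare fixed-length password hashes rather than the password text, which removes the length dependence as well.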