Buffer Overflow
Department of Computer Science, College of Computers and Information Technology, Taif University,
Taif P.O. Box 11099, Taif, 21944, Saudi Arabia
Summary
A buffer overflow attack is carried out to subvert privileged program functions to gain control of the program and thus control the host. Buffer overflow attacks should be prevented by risk managers by eradicating and detecting them before the software is utilized. While calculating the size, correct variables should be chosen by risk managers in situations where fixed-length buffers are being used, to avoid placing excess data that leads to the creation of an overflow. Metamorphism can also be used, as it is capable of protecting data by attaining a reasonable resistance level [1]. In addition, risk management teams should ensure they access the latest updates for their application server products that support the internet infrastructure, and the recent bug reports [2]. Scanners that can detect buffer overflow flaws in their custom web applications and server products should be used by risk management teams to scan their websites.
This paper presents an experiment on buffer overflow vulnerability and attack. The aim is to study the buffer overflow mechanism, its types, and countermeasures, and in addition to comprehend the current detection and prevention approaches that can be executed to prevent future attacks or mitigate the impacts of similar attacks.
Key words:
Buffer; Overflow; Cybersecurity; Stack; Defense; Attack; Shellcode.

1. Introduction
Internet usage over the years has globally experienced exponential growth due to the benefits associated with its utilization by governments, corporations, and individuals. However, interconnected computer systems have led to the discovery of various software vulnerabilities, which can be exploited by unscrupulous individuals or organizations.
Furthermore, the most prevalent vulnerability is the buffer overflow attack, which in most cases is activated by input that is explicitly designed to execute malicious code. Additionally, recent infamous buffer overflow attacks include the ILOVEYOU attacks, Blaster, and the SQL Slammer, all of which relied on unexpected behaviors that exist in particular programming languages. Likewise, the inability of a program to store large amounts of data in a buffer is the main reason why hackers utilize buffer overflow attacks. Thus, when a program attempts to store more data than it was made to store, the extra information overflows into other buffers, which in most cases is not considered good by most experts, as the buffer's original data may be overwritten [3]. Contemporary hackers have been disguising buffer overflow attacks as viruses intending to illegally access information.

2. Literature Review
Buffer overflows are a common occurrence in most organizations today, and a weakness is created by the vulnerability in cases where memory near a buffer is overwritten which should not be unintentionally or deliberately adjusted in a program. Some causes of buffer overflow attacks are logical errors that arise while implementation is being carried out, the use of unsafe library functions, and a lack of input filters. In situations where a buffer overflow attack occurs, the program either loses its stability or crashes [4]. Most attackers do not carry out buffer overflow attacks to cripple the program but rather to overwrite the stack's essential values so that their malevolent unsigned code can be executed. Because they target web servers, web applications, and desktop applications that are used by most organizations, buffer overflows are considered to be extremely dangerous.
The attack usually occurs to corrupt the memory, which comprises memory sections such as the stack, which is responsible for storing local variables, such as those inside functions, and arguments. Another area is the data area, which comprises the data segment that consists of the static or global variables previously initialized by the programmer [3]. Furthermore, another data area is the BSS segment, which is known as Block Started by Symbol. It comprises the uninitialized global variables, which are initialized to zero before the program execution. Moreover, the heap is the data area segment that is the space utilized for dynamic memory allocation while program execution is underway, through malloc(), calloc(), realloc(), and free(). Likewise, there is the text segment, which comprises the program's executable code and is usually read-only.
Fig. 1 Memory program layout description
Fig. 2 (terminal screenshot): sudo sysctl -q kernel.randomize_va_space
Then, turn off the address space randomization.
Fig. 3 Turn off the address space randomization (terminal screenshot): python3 exploit.py / bless badfile &>/dev/null
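The mechanism described above, where a copy into a fixed-length buffer spills into the neighbouring memory, next to the bounded copy and input filter the Summary and Literature Review call for, as an added C example that is not part of the paper's experiment. The two adjacent regions are modelled inside one array so the demonstration stays well defined; the 20-byte input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Two adjacent 16-byte regions inside one array model a fixed-length
 * buffer and its neighbour. Copying more than BUF_SIZE bytes into the
 * first region spills into the second: the "extra information overflows
 * into other buffers" effect. Keeping the write inside the outer array
 * keeps the demonstration well defined.
 * Returns 1 if the neighbour's original data was overwritten, else 0. */
int neighbour_clobbered(const char *input) {
    char memory[2 * BUF_SIZE];
    memset(memory, 0, sizeof memory);
    strcpy(memory + BUF_SIZE, "SECRET");        /* neighbour's original data */
    size_t n = strlen(input) + 1;               /* unsafe pattern: no size check */
    if (n > sizeof memory) n = sizeof memory;   /* only to stay inside the model */
    memcpy(memory, input, n);
    return strncmp(memory + BUF_SIZE, "SECRET", 6) != 0;
}

/* Hardened copy: check the size before writing. Returns 0 on success,
 * -1 if the input (plus its NUL terminator) would not fit, so the caller
 * can reject and log the request instead of corrupting memory. */
int bounded_copy(char *dst, size_t dst_size, const char *src) {
    size_t len = strlen(src);
    if (dst_size == 0 || len >= dst_size)
        return -1;
    memcpy(dst, src, len + 1);                  /* includes the NUL */
    return 0;
}

/* Input filter: how many bytes beyond buf_size a given input would write.
 * Zero means the input fits a buffer of that size. */
size_t overflow_bytes(size_t buf_size, const char *input) {
    size_t needed = strlen(input) + 1;
    return needed > buf_size ? needed - buf_size : 0;
}

int main(void) {
    char dst[BUF_SIZE];
    const char *long_input = "AAAAAAAAAAAAAAAAAAAA";   /* 20 bytes, constructed */
    printf("neighbour clobbered: %d\n", neighbour_clobbered(long_input));
    printf("bounded_copy result: %d\n", bounded_copy(dst, sizeof dst, long_input));
    printf("overflow bytes: %zu\n", overflow_bytes(BUF_SIZE, long_input));
    return 0;
}
```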
5. Conclusion
Buffer overflow attacks should be prevented by risk managers by eradicating and detecting them before the software is utilized. This paper presents an experiment on buffer overflow vulnerability and attack. The aim is to study the buffer overflow mechanism, its types, and countermeasures. Buffer overflow attacks should be prevented since they have become a critical attack against many organizations.
References
[1] Chiamwongpaet, Sirisara, and Krerk Piromsopa. "Boundary
Bit: Architectural Bound Checking for Buffer-Overflow
Protection." ECTI Transactions on Computer and
Information Technology (ECTI-CIT) 14.2 (2020): 162-173.
[2] Di, Bang, et al. "Efficient Buffer Overflow Detection on
GPU." IEEE Transactions on Parallel and Distributed
Systems 32.5 (2020): 1161-1177.