









An in-depth analysis of buffer overflow vulnerabilities, their exploitation, and countermeasures. Buffer overflow vulnerabilities are the most common way to gain unauthorized access to a remote host, and understanding how they work is crucial for securing internetwork systems. The slides cover the concept of exploits, their injection vector and payload, and the impact of buffer overflows on computer memory.
Typology: Lab Reports










ECE 4883 - Internetwork Security
Buffer overflow vulnerabilities are the most common way to gain control of a remote host
- Most common security vulnerability
- Buffer overflow vulnerabilities are common and easy to exploit
- Attacker can insert and execute attack code
- Error is made at program creation, is invisible to user

in other code
- Crash of machine and denial of service
- Crash of just the program that is running
- Injection vector – uses the bug itself to get in
- Payload – not related to the bug at all, can do just about anything an attacker wants to do
system
installed, can cause worm or virus activity, can cause a denial of service
intended to be overwritten

[Figure: stack diagram. Labels: Buffer, Local Variables; Attack Code, Return Address, Local Variables; "String fills this way"; "Stack fills this way"]
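
    #include <string.h>

    void function(char *str) {
        char buffer[16];

        /* No length check: copies all of str into the 16-byte buffer */
        strcpy(buffer, str);
    }

    void main() {
        char large_string[256];
        int i;

        for (i = 0; i < 255; i++)
            large_string[i] = 'A';

        function(large_string);
    }

(Source: “Smashing the Stack”)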
program’s address space
the “opportunistic” code
program which is written to buffer
executes functions like exec(argument) where one can pass the argument /bin/sh to cause exec(“/bin/sh”)

- Check the source code for fgets, gets, getws, memcpy, memmove, scanf, sprintf, strcat, strncpy where the length of the arguments is not checked
- Use fault injection tools and/or static analysis tools
address space non-executable
segment

if a return value has been corrupted before using it
- Example is StackGuard which puts a “canary” word next to the return address in the stack
(Source: “Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade” http://www.immunix.org/StackGuard/discex00.pdf)
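
The canary check described above, modelled in C as an added example (not code from the slides or from StackGuard). The frame is a constructed struct so the overwrite stays within defined behaviour; struct frame, CANARY_VALUE, SAVED_RET, unchecked_copy and call_with_canary are hypothetical names and values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a stack frame; real frame layout is compiler-specific. */
struct frame {
    char      buffer[16];  /* local buffer, same size as in the slide's example */
    uintptr_t canary;      /* guard word placed next to the return address */
    uintptr_t ret;         /* stand-in for the saved return address */
};

#define CANARY_VALUE ((uintptr_t)0x000aff0dU) /* constructed; real canaries are set at run time */
#define SAVED_RET    ((uintptr_t)0x1000U)     /* constructed placeholder address */

/* Unchecked copy modelled inside the frame: bytes past buffer[] spill into
 * canary and then ret. Clipped to the frame size so the model is well defined. */
static void unchecked_copy(struct frame *f, const char *str)
{
    size_t n = strlen(str) + 1;
    if (n > sizeof *f)
        n = sizeof *f;
    memcpy((unsigned char *)f, str, n);
}

/* Returns 1 if the canary is intact (ret may be used), 0 if the frame was smashed. */
int call_with_canary(const char *str, uintptr_t *ret_out)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.canary = CANARY_VALUE;
    f.ret = SAVED_RET;
    unchecked_copy(&f, str);
    *ret_out = f.ret;
    return f.canary == CANARY_VALUE;  /* the check made before using ret */
}

int main(void)
{
    char large_string[256];
    uintptr_t ret;
    memset(large_string, 'A', 255);
    large_string[255] = '\0';
    printf("short input: intact=%d\n", call_with_canary("hello", &ret));
    printf("long input:  intact=%d ret=%#lx\n",
           call_with_canary(large_string, &ret), (unsigned long)ret);
    return 0;
}
```

Because the copy runs from the buffer toward the return address, it cannot reach ret without first changing the canary, which is why a single comparison before the return is enough to notice the corruption.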