Research on buffer overflow attacks. How do the various types of overflow attacks differ? When did they first start to occur? What can they do and not do? What must a programmer do to prevent a buffer overflow? Answer briefly in your own words.
CIT264-WB Case Project 3-5 Buffer Overflow Attacks, Nicholas
CIT264-WB Nicholas Benders-Haynes Feb 22, 2016
Case Project 3-5 Buffer Overflow Attacks
The first buffer overflow attack started to occur in 1988. It was called the Morris Internet worm. An overflow attack exposes vulnerabilities in a program. It floods the memory with data that is more than the program can control. The effect is that the memory is overwritten. The different types of overflows are stack, heap, format, integer, and 0-day.
According to the Security Reference Guide by Seth Fogie, a stack overflow attack takes advantage of variables that are used by a program and are unchecked. After a program performs, it uses the stack to store information that it will need at a later time. There are large amounts of data that don't go to the stack but that are stored in a section of memory called the heap. If the data that was placed in the heap is underestimated, the heap across from the original heap can be overwritten. The integer overflow changes the value of a variable outside the range the programmer had in mind. A 0-day buffer overflow gives the attacker control of a computer's processor using a choice of code from a remote machine without authorization.
Buffer overflows can exploit weaknesses found in a program but they are limited in a way. Most software today is immune by design. It can attack only the context and operating system. She can avoid buffer overflows by restricting the length of the memory and string copy functions. Commands strncpy and strncat accept a length value that should be less than the destination buffer. These functions nullify the destination string.
Prevention:
1. Avoid using library files: Library files, which are used in programming languages and are inherently insecure, are a target for hackers during application attacks. Any weakness found by a hacker in a library file will also exist in all applications that use that library file, giving hackers a glaring target for a potential attack.
2. Filter user input: Filter out possibly dangerous HTML code and characters that could cause database problems. For example, in ASP code, the apostrophe, quotation mark and ampersand symbols are all reserved symbols. These reserved symbols can't be included within a user's input or they will cause the application to crash. Filter them out and replace them with something else to avoid complications and problems.
3. Test applications: Be sure to test all applications prior to deployment, trying to break into every application to ensure secure coding. If the application breaks, it will be clear that there is a problem that needs to be fixed before a hacker is able to exploit it.
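The length-limited copy with strncpy and strncat mentioned above, written out as an added example that is not part of the original answers. The helper names (`bounded_copy`, `bounded_append`, `raw_strncpy_terminated`) and the sample strings are constructed for illustration; the point shown is that the length passed must leave room for the terminator, and that strncpy on its own writes no terminator when the source fills the limit.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy src into dst (dst_size bytes). Always
 * NUL-terminates. Returns 0 on success, -1 on truncation or bad arguments. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    strncpy(dst, src, dst_size - 1);  /* leave one byte for the terminator */
    dst[dst_size - 1] = '\0';         /* strncpy adds none if src fills the limit */
    return strlen(src) < dst_size ? 0 : -1;
}

/* Hypothetical helper: append src to the string already held in dst. */
int bounded_append(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    const char *end = memchr(dst, '\0', dst_size);
    if (end == NULL)                  /* dst is not terminated inside its buffer */
        return -1;
    size_t room = dst_size - (size_t)(end - dst) - 1;  /* space excluding the NUL */
    strncat(dst, src, room);          /* strncat always writes a terminator */
    return strlen(src) <= room ? 0 : -1;
}

/* Pitfall check: call strncpy with n equal to the full buffer size and
 * report whether a terminator ended up inside the first n bytes (1 = yes). */
int raw_strncpy_terminated(char *dst, size_t n, const char *src)
{
    strncpy(dst, src, n);
    return memchr(dst, '\0', n) != NULL;
}

int main(void)
{
    char name[8];
    char raw[8];

    /* Constructed oversized input: truncated to 7 characters plus NUL. */
    int rc = bounded_copy(name, sizeof name, "overflowing-input");
    printf("copy   rc=%d  \"%s\"\n", rc, name);

    bounded_copy(name, sizeof name, "abc");
    rc = bounded_append(name, sizeof name, "defghij");
    printf("append rc=%d  \"%s\"\n", rc, name);

    printf("raw strncpy terminated: %d\n",
           raw_strncpy_terminated(raw, sizeof raw, "ABCDEFGHIJ"));
    return 0;
}
```

A return value of -1 tells the caller the input did not fit, so the program can reject it instead of silently working with a truncated string.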