Buffer Overflows – SY0-601 CompTIA Security+ : 1.3

A vulnerable application can allow memory buffers to be manipulated by a crafty attacker. In this video, you’ll learn about buffer overflow vulnerabilities and how they can be used by an attacker.

<< Previous Video: Injection Attacks Next: Replay Attacks >>

 

 


A buffer overflow attack occurs when one section of memory is able to overwrite a different section of memory. This type of overriding or spilling over of memory should not occur, and if someone is able to replicate that in a way that’s controllable, they may be able to gain access to the system or cause an application to perform the way that they would like. This is a type of vulnerability that takes advantage of poor programming, and application developers need to make sure that they perform bounds checking to make sure that no one is able to overwrite different sections of memory.

This is not a simple exploit to find, and it’s not an easy exploit for an attacker to take advantage of. It’s very difficult to find some software that would allow this buffer overflow, and then it’s very difficult to have a buffer overflow that might not cause the system to become unstable or to crash. A good buffer overflow for an attacker is one that they can both replicate and one that they can control.

Here’s a visual example of what a buffer overflow might look like. In this particular computer, we have an application that’s running with two variables– a variable A and a variable B. Right now, the only variable that has data inside of it is variable B, which has the value 1979. If we looked at that in hexadecimal, it would be the value 07 BB. You can see that nothing has been set for variable A. If this application was vulnerable to a buffer overflow, we might be able to overwrite the value of variable A and have it spill over into the area that’s currently used by variable B.

Here’s the aftermath of a buffer overflow, where we’ve taken the word “excessive” and put it into variable A. Now, notice that variable A has enough room for the E-X-C-E-S-S-I-V, and then the E at the end doesn’t fit into that specific area set up for that variable, so it overflows into the next variable in memory and has that 65, which is the E stuck on to variable B. And notice that it has changed the value of variable B. It may be that changing that value of variable B allows the attacker to gain elevated rights or a section of the operating system that they would not normally have, or maybe it allows the attacker to be able to crash the system whenever they’d like, creating a denial of service by using this buffer overflow attack.