A badly written application can open the door to mischief. In this video, you’ll learn how a single buffer overflow can disrupt the security of an operating system.
As you’re probably aware, the applications that we’re using store everything that they need in the memory of your computer, and usually the application is very specific about what information it changes or what information it adds to the memory. But there is an attack type that takes advantage of this reading and writing of memory to overwrite things that you weren’t expecting. This is called a buffer overflow, and it occurs when you’re writing information to memory and it spills over past the space that was originally allocated for that amount of data.
Usually, the people writing the application are going to make sure that nothing can write into memory where they weren’t expecting it. They perform a bounds check and confirm that the information they’re writing into memory fits within the space that’s been allocated. But the bad guys know that if they can write information outside of that allocated space, they may be able to gain access to your system that you did not intend.
This can be a very difficult exploit to identify, and it can be difficult to make sure that the buffer overflow performs the exact function that the attacker would like. But the bad guys know that if they can find a buffer overflow that is not only repeatable but also controllable, then they’re going to have some access to your systems. Here’s an example of a buffer overflow.
This is an application that has been written to contain two different variables, variable A and variable B. And you can see there has been some space allocated for each variable. You can see that variable A has eight bytes that it can use to store information, and you can see that variable B has two bytes available. There’s already information that has been saved into variable B. You can see the value is 1979. If we look at the hex value, it’s 07 BB.
But the bad guys have realized the developers are not performing a bounds check for A. Not only can you write eight bytes into A, you can write more than eight bytes, causing a buffer overflow. So the bad guys will write nine bytes of information into variable A, and you can see that it takes EXCESSIV, and then they actually put an E on the end. That E is written into the first byte of variable B, something that should not happen if you’re writing information to a single variable.
This has now changed variable B to the value 25856, very different from the original value. That obviously is something that should not have happened. You should not be able to write information into variable A and have it change something in variable B. Now the bad guys will be able to take advantage of this. They’ll try writing different things into variable B and see if that provides them with access that they would not normally have into your system.
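The scenario above, as an added C example that is not part of the original video: an 8-byte variable A followed in memory by a 2-byte variable B holding 07 BB (1979). The unchecked copy writes "EXCESSIVE" plus its terminating NUL (10 bytes) into A and spills into B; the bounds-checked version refuses input that does not fit, so B is untouched. The struct layout, the big-endian reading of B and the two copy routines are constructions for this example; the value B ends up holding is computed from the bytes that actually spill ('E' = 0x45 followed by 0x00), so the example reports the raw result rather than relying on a single figure.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout matching the video's description: variable A is an
 * 8-byte buffer and variable B (2 bytes) sits immediately after it.
 * Both members have alignment 1, so there is no padding between them. */
struct layout {
    char a[8];
    unsigned char b[2];   /* 1979 = 0x07 0xBB, kept as raw bytes so the
                             demonstration does not depend on host byte order */
};

/* Reads B as a big-endian 16-bit number (07 BB -> 1979). */
unsigned int read_b(const struct layout *l) {
    return ((unsigned int)l->b[0] << 8) | l->b[1];
}

/* Unbounded copy: mimics a strcpy-style routine with no bounds check.
 * Bytes are written through the struct's raw storage so that, when the
 * source is longer than A, the spill into B is exactly what happens. */
static void unchecked_copy(struct layout *l, const char *src) {
    unsigned char *raw = (unsigned char *)l;
    size_t n = strlen(src) + 1;           /* includes the terminating NUL */
    for (size_t i = 0; i < n; i++)
        raw[i] = (unsigned char)src[i];   /* never compared against sizeof(l->a) */
}

/* Bounds-checked copy: refuses to write past A and reports the rejection
 * so the caller can handle it instead of silently truncating. */
static int checked_copy(struct layout *l, const char *src) {
    size_t n = strlen(src);
    if (n + 1 > sizeof l->a)              /* room for the NUL terminator too */
        return 0;
    memcpy(l->a, src, n + 1);
    return 1;
}

/* Runs the vulnerable scenario and returns B's value afterwards. */
unsigned int overflow_scenario(void) {
    struct layout l = { "", {0x07, 0xBB} };
    unchecked_copy(&l, "EXCESSIVE");      /* 9 chars + NUL = 10 bytes into 8 */
    return read_b(&l);                    /* B now holds 'E' 0x00 -> 0x4500 */
}

/* Runs the bounds-checked scenario and returns B's value afterwards. */
unsigned int checked_scenario(void) {
    struct layout l = { "", {0x07, 0xBB} };
    checked_copy(&l, "EXCESSIVE");        /* rejected: too long for A */
    return read_b(&l);                    /* B untouched: still 0x07BB = 1979 */
}

/* Reports whether the checked copy accepted the oversized input (it must not). */
int checked_accepts_oversized(void) {
    struct layout l = { "", {0x07, 0xBB} };
    return checked_copy(&l, "EXCESSIVE");
}

int main(void) {
    unsigned int after_overflow = overflow_scenario();
    unsigned int after_check = checked_scenario();
    printf("unchecked copy: B = %u (0x%04X)\n", after_overflow, after_overflow);
    printf("checked copy:   input accepted=%d, B = %u (0x%04X)\n",
           checked_accepts_oversized(), after_check, after_check);
    return 0;
}
```

The unchecked path shows the defect the video describes: the ninth character and the NUL terminator land in B, and B's value changes even though the code only ever meant to write A. The checked path is the mitigation: compare the input length (including the terminator) against the destination size before copying, and treat an oversized input as an error rather than letting it truncate or overflow.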