BUFFER OVERFLOW ATTACK AND HOW IT IS USED TO ATTACK YOUR NETWORK
Buffer Overflow Attack
Buffers are memory storage areas that keep data briefly as it is transported from one location to another. These buffers are usually stored in RAM. Buffering is used by most contemporary hard drives to speed up data access. Buffers are regularly used in online video streaming to prevent interruptions, and buffers are widely employed in online video streaming. When a video is streaming, the video player first downloads, and stores around 20% of the video in a buffer before streaming from that buffer.
When the volume of data exceeds the memory buffer’s storage capacity, a buffer overflow (or buffer overrun) occurs. As a result, the program attempting to write data to the buffer overwrites memory areas close to the buffer. In other words, when a software or system activity places more data (than was initially allotted to be stored), the excess data overflow. Some of the data leaks into other buffers as a result. For example, if a buffer for log-in credentials is configured to assume username and password inputs of 8 bytes, the software may push the surplus data across the buffer border if a transaction contains an input of 10 bytes (that is, 2 bytes more than intended).
Buffer overflows may be classified into four types:
Stack-based buffer overflows are more prevalent, as they take advantage of stack memory only during the execution of a function.
Buffer overflows caused by heaps: This buffer overflows occur when a program’s memory area is flooded beyond the memory utilized for current runtime activities.
An integer overflow attack occurs when an arithmetic operation produces an integer (whole number) that is too big to be stored in the integer type intended for it.
Unicode overflow: A Unicode overflow occurs when Unicode characters are inserted into an input that expects ASCII characters.
How Do Attackers Make Use of Buffer Overflows?
A well-known security attack involves exploiting the behaviour of a buffer overflow. Attackers take advantage of buffer overflow problems by overwriting an application’s memory. This alters the program’s execution route, resulting in a response that destroys files or exposes confidential information. Additional data in a buffer-overflow attack may contain explicit instructions for activities intended by a hacker or malevolent user. Attackers can cause a susceptible application to run arbitrary code to gain control of the computer or crash the system by delivering specially engineered user inputs to the program.
If the rewritten memory segment contains a pointer (an object that points to another location in memory), the attacker’s code might replace it with another pointer pointing to an exploit payload. This can hand over control of the entire program to the attacker’s code.
C and C++ are two programming languages that are frequently linked to buffer overflows because they have no built-in protection against accessing or overwriting data in any part of memory and do not automatically check that data written to an array (the built-in buffer type) is within the array’s boundaries. Buffer overflow vulnerabilities are caused by simple programming errors that are difficult to detect and guard against. Code written in one or both of these languages can be found on Windows, Mac OSX, and Linux. Buffer overflow can be reduced by built-in features in more recent languages like Java, PERL, and C#, but it cannot be completely avoided.
How to Prevent Buffer Overflow
Developers can guard against buffer overflow vulnerabilities by implementing security mechanisms in their code or by utilizing languages with built-in protection. Three common safeguards are:
Address space randomization (ASLR) reshuffles the address space positions of a process’s critical data regions at random. Buffer overflow attacks need knowledge of the location of executable code, which is nearly impossible with randomized address spaces. When malicious code is inserted into a buffer in this way, the attacker is unable to predict its address.
Data execution prevention: Marks particular memory locations as non-executable or executable, preventing an attack from running code in non-executable places.
Structured exception handler overwrites protection (SEHOP): It aids in the prevention of malicious code attacking Structured Exception Handling (SEH), a built-in method for controlling hardware and software exceptions. As a result, an attacker is unable to employ the SEH overwrite exploitation approach.
Having the most recent security patches: Install security fixes as soon as they are available.
UK Cyber Security Group Ltd is here to help
Please check out our Cyber Essentials Checklist
Please check out our Free Cyber Insurance
If you would like to know more, do get in touch as we are happy to answer any questions. Looking to improve your cybersecurity but not sure where to start? Begin by getting certified in Cyber Essentials, the UK government’s scheme that covers all the technical controls that will provide the protection that you need to help guard against criminal attacks. Or just get in touch by clicking contact us