Buffer Overflows Flashcards
What is a Buffer Overflow?
Occurs when a process stores data outside the memory range allocated by the developer.
Essentially, it's an attempt to put more data into memory than the memory was designed to hold.
Note: 85% of data breaches were started with a buffer overflow.
What is a Buffer?
A temporary storage area that a program uses to “preload” or store data.
Example: In a Word document, the text written is stored in a buffer until you save it.
What is a Stack and how is it related to a Buffer?
A reserved area of memory where a program saves the return address when a function call instruction is received.
How does an attacker “Smash the Stack”?
It occurs when an attacker fills up the buffer with “NOP” (No Operation) instructions so that the return address may hit a NOP and execution continues until it finds the malicious code.
Note: Essentially, the attacker wants to overflow the buffer, overwrite the instructions with NOPs, and get the program to find the attacker's code instead.
Note: This requires a bit of guesswork on the attacker's part to know where the buffer is.
How does Address Space Layout Randomization prevent Buffer Overflows?
Method used by programmers to randomly arrange the different address spaces used by a program to prevent buffer overflow exploits.