Buffer Overflow Attacks

Definition

A buffer overflow attack occurs when an attacker writes more information into a memory area than expected.
This overflow can lead to overwriting adjacent memory areas.

Developers typically use bounds checking to restrict memory writes (e.g., limiting to 8 bytes).
Attackers search for vulnerabilities to perform buffer overflows.
Finding a buffer overflow isn't enough; the attacker must manipulate it to:
- Avoid crashing the system.
- Execute a desired function beneficial to the attacker.
The ideal buffer overflow is repeatable and consistent in providing an advantage.

Variables in Memory:
- Variable A: Initially empty, can store 8 bytes.
- Variable B: 2 bytes long, holds a decimal value (e.g., 1979).
  - Controls rights and permissions for an application.
  - Values < 2000 imply user/guest rights.
  - Values > 24000 imply administrative rights.
Exploitation:
- Variable B cannot be modified within the application.
- A vulnerability in Variable A allows for a buffer overflow.
- Attackers write 9 bytes into Variable A (e.g., "excessive").
  - First 8 bytes fill Variable A.
  - 9th byte ("e", hex 65) overflows into Variable B.
- New value of Variable B becomes 2856.
- If over 24000, the attacker gains admin rights.

The attacker uses buffer overflow to gain elevated rights without needing admin credentials.