Understanding Buffer Overflow Attacks

Dec 14, 2024

Buffer Overflow Attack

Definition

  • A buffer overflow attack occurs when an attacker writes more information than expected into a specific memory area.
  • The excess information overflows into adjacent memory areas.

Normal Application Defense

  • Application developers typically perform bounds checking:
    • Ensure only the expected number of bytes are written.
    • For example, only 8 bytes should be written to a certain memory section.

Attack Process

  • Attackers explore parts of an application to find buffer overflow vulnerabilities.
  • The goal is to modify how the application functions.
  • Exploiting buffer overflows is complex:
    • Most overflows simply crash the application or produce unexpected behavior.
    • The attacker's goal is a repeatable overflow that yields a predictable advantage.

Example of Buffer Overflow Exploit

  • Variables in Memory:
    • Variable A: initially zeroed, can store 8 bytes.
    • Variable B: initially holds the value 1,979 and is 2 bytes long.
  • Application Rights and Permissions:
    • The value of variable B determines the user's rights:
      • Below 2,000: user/guest rights.
      • Above 24,000: administrative rights.
  • Exploit Description:
    • Normally, variable B cannot be changed from within the application.
    • A vulnerability allows a buffer overflow from variable A into variable B.
    • The attacker writes 9 bytes into variable A (the string "excessive"):
      • The first 8 bytes fill variable A.
      • The 9th byte overflows into variable B (the letter 'e', hex 0x65).
  • Outcome:
    • Variable B's value changes to 2,856.
    • Had the overflow pushed B above 24,000, the attacker would have gained administrative rights without supplying any credentials.
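The following C program is an added illustration of the scenario above and of the bounds checking described under "Normal Application Defense"; it is not code from the original notes. It lays out an 8-byte buffer A directly followed by a 2-byte integer B (set to 1979), writes the 9 bytes of "excessive" into A through an unchecked copy, and shows that B changes even though no code path assigns to B. The same input through a bounds-checked write is rejected and B is untouched. The struct, function names and the rights thresholds (below 2,000 and above 24,000, taken from the notes; the range in between is left undefined here) are this example's own assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Memory layout from the notes: an 8-byte buffer A immediately followed by a
 * 2-byte integer B. layout_is_adjacent() confirms the compiler placed B at
 * offset 8, so the 9th byte written into A lands in the first byte of B. */
struct record {
    char     a[8];   /* variable A: initially zeroed, holds 8 bytes */
    uint16_t b;      /* variable B: initially 1979 */
};

int layout_is_adjacent(void) {
    return offsetof(struct record, b) == 8;
}

/* Rights thresholds from the notes. The notes do not define the range
 * 2,000..24,000, so it is reported as "unspecified" here (assumption). */
const char *rights_for(uint16_t b) {
    if (b < 2000)  return "user/guest";
    if (b > 24000) return "administrative";
    return "unspecified";
}

/* Vulnerable write: copies every byte the caller supplies with no bounds
 * check. The copy goes through the struct's base address (the same address
 * as A) so the byte copy stays well-defined for the compiler while the 9th
 * byte still overwrites B. */
void write_a_unchecked(struct record *r, const char *src, size_t n) {
    memcpy((unsigned char *)r, src, n);
}

/* Bounds-checked write, the defense developers normally apply: any input
 * larger than A is rejected. Returns 0 on success, -1 if rejected. */
int write_a_checked(struct record *r, const char *src, size_t n) {
    if (n > sizeof r->a)
        return -1;
    memcpy(r->a, src, n);
    return 0;
}

/* The scenario from the notes: 9 bytes of "excessive" written into A through
 * the unchecked path. Returns the value B holds afterwards. */
uint16_t b_after_unchecked_write(void) {
    struct record r = { {0}, 1979 };
    write_a_unchecked(&r, "excessive", 9);   /* 9 bytes; terminator not copied */
    return r.b;
}

/* Same input through the bounds-checked path: B stays 1979. */
uint16_t b_after_checked_write(void) {
    struct record r = { {0}, 1979 };
    (void)write_a_checked(&r, "excessive", 9);
    return r.b;
}

/* 1 if the checked write refuses the 9-byte input, 0 otherwise. */
int checked_write_rejects_overflow(void) {
    struct record r = { {0}, 1979 };
    return write_a_checked(&r, "excessive", 9) == -1;
}

/* What B must become after the overflow: the first byte of B's storage is
 * replaced by 'e' (0x65). Derived from the bytes so it holds on any byte
 * order; on a little-endian machine this is 0x0765 = 1893. */
uint16_t expected_b_after_overflow(void) {
    uint16_t b = 1979, out;
    unsigned char bytes[sizeof b];
    memcpy(bytes, &b, sizeof b);
    bytes[0] = 'e';
    memcpy(&out, bytes, sizeof out);
    return out;
}

int main(void) {
    uint16_t b = b_after_unchecked_write();
    printf("B adjacent to A: %s\n", layout_is_adjacent() ? "yes" : "no");
    printf("unchecked write: B = %u (%s)\n", (unsigned)b, rights_for(b));
    printf("checked write:   B = %u (%s), input rejected: %s\n",
           (unsigned)b_after_checked_write(), rights_for(b_after_checked_write()),
           checked_write_rejects_overflow() ? "yes" : "no");
    return 0;
}
```

The exact number B ends up holding depends on the machine's byte order and on which of B's bytes the overflow reaches, which is why the example derives the expectation from the bytes rather than hard-coding a value; the point it demonstrates is that B changed without any assignment to B, and that a single length check before the copy is what prevents it.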

Key Takeaways

  • Buffer overflow enables attackers to alter memory and gain unauthorized access by exploiting vulnerabilities.
  • Successful attacks depend on precise manipulation and understanding of application memory structure.