Buffer Overflow

Published under Glossary

What is a "Buffer Overflow"?

A buffer overflow is a bug in a computer program that can lead to a security vulnerability. A buffer is a region of memory set aside to hold data temporarily. Buffer overflows occur when a program or process tries to write more data to, or read more data from, a buffer than the buffer can hold.

In a security context, a buffer overflow can give an attacker access to other parts of the process's memory and eventually control over program execution, putting confidentiality, integrity and availability at risk. Only native code programs are vulnerable to buffer overflows, meaning programs that use the processor's instruction set directly rather than running on an intermediary such as the Java Virtual Machine. This vulnerability is common in programs written in the C or C++ programming languages because these languages are designed to allow direct access to memory.

Buffer overflow vulnerability

There are different techniques to exploit a buffer overflow vulnerability, varying with the processor architecture, operating system (OS) and memory region involved. An example of a vulnerable C function is strcpy. Called as strcpy(destination, source), it copies the string pointed to by source into the array pointed to by destination without checking the length of the source. If the source holds more data than the destination buffer can take, the copy overwrites the memory beyond the end of the buffer. A practical example of a buffer overflow using the strcpy function would be the following:

#include <string.h>
char buff[5] = {0};                                     /* room for 4 characters plus the terminating NUL */
strcpy(buff, "This is more than the buffer can hold");  /* 37 characters plus NUL: 33 bytes land past the end of buff */

In the example above we first define an array of type char and size 5. Next we use strcpy to write into that array a string larger than it can hold, resulting in a buffer overflow. A bounded alternative is strncpy, which takes a third argument limiting how many characters are copied; that limit must be the size of the destination buffer, strncpy(destination, source, destsize), and because strncpy does not add a terminating NUL when the source is longer than the limit, the last byte of the destination should be set to '\0' explicitly afterwards.
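The pattern above and its bounded counterpart, as an added example that is not part of the original article: copy_unchecked reproduces the strcpy bug, fits is the length check to run before copying, and copy_bounded is the strncpy-based replacement with the missing NUL terminator added; all three names are illustrative.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 5   /* same 5-byte buffer as the article's example */

/* Vulnerable pattern: strcpy copies until it reaches the source's terminating
 * NUL and never consults the destination size, so a source longer than
 * BUF_SIZE - 1 characters writes past the end of buff (undefined behaviour). */
void copy_unchecked(char buff[BUF_SIZE], const char *src)
{
    strcpy(buff, src);                       /* no length check */
}

/* Check a caller can run before copying: does src (plus its NUL) fit? */
int fits(size_t dst_size, const char *src)
{
    return strlen(src) < dst_size;
}

/* Hardened copy: writes at most dst_size - 1 characters and always
 * NUL-terminates (strncpy alone leaves the buffer unterminated when src is
 * too long). Returns 1 if src was truncated, 0 if it fit in full. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0)
        return 1;
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
    return !fits(dst_size, src);
}

int main(void)
{
    char buff[BUF_SIZE] = {0};
    /* constructed input: the 37-character string from the article */
    const char *input = "This is more than the buffer can hold";

    if (fits(BUF_SIZE, input)) {
        copy_unchecked(buff, input);         /* safe only because the check passed */
    } else {
        copy_bounded(buff, BUF_SIZE, input); /* truncates instead of overflowing */
        printf("truncated %zu-byte source to \"%s\" (%d-byte buffer)\n",
               strlen(input) + 1, buff, BUF_SIZE);
    }
    return 0;
}
```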

One of the most recent critical bugs caused by a buffer overflow was "Stagefright", a bug in the Android OS stagefright media library. In this case an attacker could remotely compromise any mobile phone running Android OS version 2.2+ simply by sending a malformed video that would cause a buffer overflow in the stagefright library and allow the execution of malicious code.

Prevention

Buffer overflows occur in programs that have direct access to their own memory layout. One easy way to avoid buffer overflows is to use type-safe programming languages, although exploitation remains possible through system calls. If there is an absolute necessity to use a non-type-safe programming language, then it is essential for the programmer to be security aware, to refrain from using common functions that are vulnerable, and to audit the code before it goes into production.

No-eXecute (NX) bit

The NX bit is a processor feature that allows certain memory pages to be marked as non-executable. This way memory segments that are used for data are marked as readable and writable but not executable, and the processor will refuse to execute code from those memory pages.

Address Space Layout Randomization (ASLR)

ASLR is a technique that randomizes the position of the stack, executables, and loaded libraries, making it more difficult for attackers to exploit buffer overflow vulnerabilities.

Fuzzing

Fuzzing or fuzz testing is a technique that feeds invalid or unexpected data to a running program. This is usually done with automated tools that supply the program with generated sample inputs. In the case of buffer overflows, fuzzing can reveal bugs in the source code that manifest as unusual program behaviour. It is a common source code auditing technique for proactively checking the program's execution against unhandled errors.

OS specific

Modern operating systems have their own security measures to limit the impact of buffer overflow vulnerabilities on the system. In Windows there is "Data Execution Prevention (DEP)", on Linux there are grsecurity and SELinux, and on Mac OS there is "Mandatory Access Control (MAC)", all designed to prevent buffer overflows from happening or from exposing the system.

