Buffer Overflow Attacks: Are you safe? - PowerPoint PPT Presentation

Slides: 11
Provided by: Vin9157

1
Buffer Overflow Attacks: Are you safe?
  • Vinay Chilakamarri
  • 004869008
  • Grad Student
  • San Jose State University

2
Agenda
  • Severity of the problem
  • Understanding Stack organization
  • Sample Stack buffer overflow
  • Conclusions

3
Buffer Overflow Attacks: The statistics
  • 70% of the BO attacks are on Application Layer
    (Source: The Gartner Group)

4
What is a Buffer Overflow?
  • A buffer is a temporary storage location for data and
    instructions of the CPU
  • It's an auxiliary register on the CPU
  • A buffer overflow occurs when more data is pumped into
    a buffer than it can hold

5
Understanding the Stack
  • A contiguous memory allocation
  • Handles interrupts, stores temporary information
    etc.
  • Push and Pop mechanism
  • Kernel adjusts stack size based on calls
  • EBP, EIP, ESP?

6
Stack from 10000 miles
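  • Figure: stack diagram running from address FFFF (top) to 0000
    (bottom), with EBP marked at the top and the Extended Stack
    Pointer (ESP) at the bottom; the Extended Instruction Pointer
    (EIP) is also labelled
  • Frames, top to bottom:
      Func3: Locals, Return Address, Variables
      Func2: Locals, Offset, Return Address, Variables
      Func1: Locals, Offset, Return Address, Variables
  • Code shown beside the stack: Func1() var1 func2(var1)
    Func2(var) func3(var) printf(fubar)

7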
Abusing Stack with C: An Example

    #include <stdio.h>
    #include <stdlib.h>   /* exit() */
    #include <string.h>

    int main(int argc, char **argv)
    {
        char buff[512];

        if (argc < 2) {
            printf("Usage: %s name\n", argv[0]);
            exit(0);
        }
        strcpy(buff, argv[1]);   // TADA! No length check: input longer than 511 bytes overruns buff
        printf("Your name: %s\n", buff);
        return 0;
    }

  • vinay@disruptor$ ./a.out `perl -e 'print "A" x 516'`
  • Your name AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAA
  • Segmentation fault (core dumped)

8
Partial Solutions
  • Randomize the stack memory allocation
  • Use Canaries (word guards) to detect buffer
    overflows
  • Stay away from libc string calls if you are not
    sure of them (use functions like sprintf
    instead)
  • Use StackGuard, ProPolice to automate the
    protection of stacks
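
A bounded version of the slide 7 program, as an added example that is not part of the original presentation; copy_name and try_repeated_a are hypothetical helpers, and the 516-byte input is constructed to match the perl one-liner on slide 7. Because sprintf takes no size argument and does not bound the write on its own, the example checks the length explicitly before copying.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 512   /* same size as buff on slide 7 */

/* Hypothetical helper: copy src into dst (capacity dstsz, NUL included).
 * Returns 0 on success, -1 if src does not fit; never writes past dstsz. */
int copy_name(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || dstsz == 0 || src == NULL)
        return -1;
    size_t len = strlen(src);
    if (len >= dstsz) {          /* no room for the string plus its NUL */
        dst[0] = '\0';           /* reject instead of truncating silently */
        return -1;
    }
    memcpy(dst, src, len + 1);   /* len + 1 <= dstsz, so this stays in bounds */
    return 0;
}

/* Constructed input: n copies of 'A', like the perl one-liner on slide 7.
 * Returns what copy_name() reports for a NAME_BUF-sized destination. */
int try_repeated_a(size_t n)
{
    static char input[1024];
    char buff[NAME_BUF];
    if (n >= sizeof input)
        return -1;
    memset(input, 'A', n);
    input[n] = '\0';
    return copy_name(buff, sizeof buff, input);
}

int main(int argc, char **argv)
{
    char buff[NAME_BUF];
    if (argc < 2) {
        printf("Usage: %s name\n", argv[0]);
        return 0;
    }
    if (copy_name(buff, sizeof buff, argv[1]) != 0) {
        fprintf(stderr, "name too long (max %d characters)\n", NAME_BUF - 1);
        return 1;
    }
    printf("Your name: %s\n", buff);
    return 0;
}
```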

9
Conclusion
  • "We give you enough rope to hang yourself or to
    build a bridge."
    - Popular saying on C
