buffer overflows what they are and how to avoid them
play

Buffer Overflows: What They Are, and How to Avoid Them Ricardo J. - PowerPoint PPT Presentation

Mar 12, 2024 •318 likes •825 views

Buffer Overflows: What They Are, and How to Avoid Them Ricardo J. Rodr guez All wrongs reversed rj.rodriguez@unileon.es @RicardoJRdez www.ricardojrodriguez.es Research Institute of Applied Sciences in Cybersecurity University of

  1. Buffer Overflows: What They Are, and How to Avoid Them Ricardo J. Rodr´ ıguez � All wrongs reversed rj.rodriguez@unileon.es ※ @RicardoJRdez ※ www.ricardojrodriguez.es Research Institute of Applied Sciences in Cybersecurity University of Le´ on, Spain April 28, 2015 Mundo Hacker Day 2015 Madrid (Espa˜ na)

  2. $ whoami Ph.D. on Comp. Sci. (Univ. of Zaragoza, Spain) (2013) Senior Researcher at University of Le´ on (Spain) R.J. Rodr´ ıguez (ULE) Buffer Overflows: What They Are, and How to Avoid Them MHD’15 2 / 19

  3. $ whoami Ph.D. on Comp. Sci. (Univ. of Zaragoza, Spain) (2013) Senior Researcher at University of Le´ on (Spain) Performance and safety analysis on critical, complex systems Model-based security analysis Advanced malware analysis NFC security R.J. Rodr´ ıguez (ULE) Buffer Overflows: What They Are, and How to Avoid Them MHD’15 2 / 19

  4. $ whoami Ph.D. on Comp. Sci. (Univ. of Zaragoza, Spain) (2013) Senior Researcher at University of Le´ on (Spain) Performance and safety analysis on critical, complex systems Model-based security analysis Advanced malware analysis NFC security Trainer at NcN, RootedCON, HIP Speaker at NcN, HackLU, RootedCON, STIC CCN-CERT, MalCON, HIP, HITB. . . R.J. Rodr´ ıguez (ULE) Buffer Overflows: What They Are, and How to Avoid Them MHD’15 2 / 19

  5. What is a BOF? (I) void readName () { char username [256]; printf("Username: "); scanf("%s", username ); } R.J. Rodr´ ıguez (ULE) Buffer Overflows: What They Are, and How to Avoid Them MHD’15 3 / 19

  6. What is a BOF? (I) void copyBuffers (char *org, char *dst) void readName () { { char buffer [5000]; char username [256]; strcpy(buffer , org ); printf("Username: "); // Do some stuff into your buffer scanf("%s", username ); strcpy(dst , buffer); } } R.J. Rodr´ ıguez (ULE) Buffer Overflows: What They Are, and How to Avoid Them MHD’15 3 / 19

  7. What is a BOF? (I) void copyBuffers (char *org, char *dst) void readName () { { char buffer [5000]; char username [256]; strcpy(buffer , org ); printf("Username: "); // Do some stuff into your buffer scanf("%s", username ); strcpy(dst , buffer); } } Buffer Overflow (BOF) Memory zone overflow R.J. Rodr´ ıguez (ULE) Buffer Overflows: What They Are, and How to Avoid Them MHD’15 3 / 19

  8. What is a BOF? (I) void copyBuffers (char *org, char *dst) void readName () { { char buffer [5000]; char username [256]; strcpy(buffer , org ); printf("Username: "); // Do some stuff into your buffer scanf("%s", username ); strcpy(dst , buffer); } } Buffer Overflow (BOF) Memory zone overflow It has consequences: Arbitrary code execution Any code can be illegitimately forced to execute by an attacker (!) R.J. Rodr´ ıguez (ULE) Buffer Overflows: What They Are, and How to Avoid Them MHD’15 3 / 19

  9. What is a BOF? (I) void copyBuffers (char *org, char *dst) void readName () { { char buffer [5000]; char username [256]; strcpy(buffer , org ); printf("Username: "); // Do some stuff into your buffer scanf("%s", username ); strcpy(dst , buffer); } } Buffer Overflow (BOF) Memory zone overflow It has consequences: Arbitrary code execution Any code can be illegitimately forced to execute by an attacker (!) Is it used? Common attack vector for malware R.J. Rodr´ ıguez (ULE) Buffer Overflows: What They Are, and How to Avoid Them MHD’15 3 / 19

  10. What is a BOF? (II) Anything else? Causes DoS Application ends unexpectedly (it crashes) R.J. Rodr´ ıguez (ULE) Buffer Overflows: What They Are, and How to Avoid Them MHD’15 4 / 19

  11. What is a BOF? (II) Anything else? Causes DoS Application ends unexpectedly (it crashes) Wikipedia definition (overflow): “a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer’s boundary and overwrites adjacent memory. This is a special case of violation of memory safety’ ’ Problem trending is growing R.J. Rodr´ ıguez (ULE) Buffer Overflows: What They Are, and How to Avoid Them MHD’15 4 / 19

  12. What is a buffer overflow BOF? (III) (Image source: www.cvedetails.com , date from 1999 to 2015) R.J. Rodr´ ıguez (ULE) Buffer Overflows: What They Are, and How to Avoid Them MHD’15 5 / 19

  13. What is a BOF? (IV) (Image source: www.cvedetails.com , date from 1999 to 2015) R.J. Rodr´ ıguez (ULE) Buffer Overflows: What They Are, and How to Avoid Them MHD’15 6 / 19

  14. What is a BOF? (V) Overflow types Stack-based BOF CPU stack: Local variables storage, procedure parameters. . . Control-flow execution data Return addresses Exception handlers R.J. Rodr´ ıguez (ULE) Buffer Overflows: What They Are, and How to Avoid Them MHD’15 7 / 19

  15. What is a BOF? (V) Overflow types Stack-based BOF CPU stack: Local variables storage, procedure parameters. . . Control-flow execution data Return addresses Exception handlers Consequences: Control-flow hijacking → an attacker controls what is going to be executed R.J. Rodr´ ıguez (ULE) Buffer Overflows: What They Are, and How to Avoid Them MHD’15 7 / 19

  16. What is a BOF? (V) Overflow types Stack-based BOF CPU stack: Local variables storage, procedure parameters. . . Control-flow execution data Return addresses Exception handlers Consequences: Control-flow hijacking → an attacker controls what is going to be executed Heap-based BOF Overwriting of allocated memory ( malloc , allocate ) R.J. Rodr´ ıguez (ULE) Buffer Overflows: What They Are, and How to Avoid Them MHD’15 7 / 19

  17. What is a BOF? (V) Overflow types Stack-based BOF CPU stack: Local variables storage, procedure parameters. . . Control-flow execution data Return addresses Exception handlers Consequences: Control-flow hijacking → an attacker controls what is going to be executed Heap-based BOF Overwriting of allocated memory ( malloc , allocate ) Consequences: Memory corruption, code execution . . . R.J. Rodr´ ıguez (ULE) Buffer Overflows: What They Are, and How to Avoid Them MHD’15 7 / 19

  18. What is a BOF? (VI) Overflow types . . . Off-by-one A loop takes ( n − 1) steps instead of n steps Consequences: Control-flow register may be rewritten (1 byte) R.J. Rodr´ ıguez (ULE) Buffer Overflows: What They Are, and How to Avoid Them MHD’15 8 / 19

  19. What is a BOF? (VI) Overflow types . . . Off-by-one A loop takes ( n − 1) steps instead of n steps Consequences: Control-flow register may be rewritten (1 byte) Buffer Overrun Bottleneck on memory blocks when using CD/DVD writers Buffer overflow → data is corrupted → CD/DVD useless R.J. Rodr´ ıguez (ULE) Buffer Overflows: What They Are, and How to Avoid Them MHD’15 8 / 19

  20. What is a BOF? (VI) Overflow types . . . Off-by-one A loop takes ( n − 1) steps instead of n steps Consequences: Control-flow register may be rewritten (1 byte) Buffer Overrun Bottleneck on memory blocks when using CD/DVD writers Buffer overflow → data is corrupted → CD/DVD useless Integer OF R.J. Rodr´ ıguez (ULE) Buffer Overflows: What They Are, and How to Avoid Them MHD’15 8 / 19

  21. What is a BOF? (VI) Overflow types . . . Off-by-one A loop takes ( n − 1) steps instead of n steps Consequences: Control-flow register may be rewritten (1 byte) Buffer Overrun Bottleneck on memory blocks when using CD/DVD writers Buffer overflow → data is corrupted → CD/DVD useless Integer OF In this talk, we focus on Stack-based BOF R.J. Rodr´ ıguez (ULE) Buffer Overflows: What They Are, and How to Avoid Them MHD’15 8 / 19

  22. What is a BOF? (VII) char A[8]; unsigned short B; Variable A: 8B (1 char → 1B) Variable B: 2B No initialized R.J. Rodr´ ıguez (ULE) Buffer Overflows: What They Are, and How to Avoid Them MHD’15 9 / 19

  23. What is a BOF? (VII) char A[8]; unsigned short B; Variable A: 8B (1 char → 1B) Variable B: 2B No initialized R.J. Rodr´ ıguez (ULE) Buffer Overflows: What They Are, and How to Avoid Them MHD’15 9 / 19

  24. What is a BOF? (VII) char A[8]; unsigned short B; Variable A: 8B (1 char → 1B) Variable B: 2B No initialized Let’s copy a string to A. . . strcpy(A, "cadena"); R.J. Rodr´ ıguez (ULE) Buffer Overflows: What They Are, and How to Avoid Them MHD’15 9 / 19

  25. What is a BOF? (VII) What is the memory content? char A[8]; unsigned short B; Variable A: 8B (1 char → 1B) Variable B: 2B No initialized Let’s copy a string to A. . . strcpy(A, "cadena"); R.J. Rodr´ ıguez (ULE) Buffer Overflows: What They Are, and How to Avoid Them MHD’15 9 / 19

  26. What is a BOF? (VII) What is the memory content? char A[8]; unsigned short B; Variable A: 8B (1 char → 1B) Variable B: 2B No initialized What if we copy a longer string? strcpy(A, " cadena larga"); Let’s copy a string to A. . . strcpy(A, "cadena"); R.J. Rodr´ ıguez (ULE) Buffer Overflows: What They Are, and How to Avoid Them MHD’15 9 / 19

  27. What is a BOF? (VII) What is the memory content? char A[8]; unsigned short B; Variable A: 8B (1 char → 1B) Variable B: 2B No initialized What if we copy a longer string? strcpy(A, " cadena larga"); What is the memory content? Let’s copy a string to A. . . strcpy(A, "cadena"); R.J. Rodr´ ıguez (ULE) Buffer Overflows: What They Are, and How to Avoid Them MHD’15 9 / 19

Recommend

Introduction Buffer Overflows Buffer overflows were the most common form of security

Introduction Buffer Overflows Buffer overflows were the most common form of security

Introduction Buffer Overflows Buffer overflows were the most common form of security vulnerability in the 90s. Buffer overflows dominate in the area of remote network penetration vulnerabilities. CS 465 They represent one of the

651 views • 4 slides
Lab 2: Buffer Overflows Fengwei Zhang SUSTech CS 315 Computer Security 1 Buffer Overflows

Lab 2: Buffer Overflows Fengwei Zhang SUSTech CS 315 Computer Security 1 Buffer Overflows

Lab 2: Buffer Overflows Fengwei Zhang SUSTech CS 315 Computer Security 1 Buffer Overflows One of the most common vulnerabilities in software Programming languages commonly associated with buffer overflows including C and C++

1.14k views • 17 slides
Lab 2: Buffer Overflows Fengwei Zhang Wayne State University Course: Cyber Security Prac@ce 1

Lab 2: Buffer Overflows Fengwei Zhang Wayne State University Course: Cyber Security Prac@ce 1

Lab 2: Buffer Overflows Fengwei Zhang Wayne State University Course: Cyber Security Prac@ce 1 Buffer Overflows One of the most common vulnerabili@es in soEware Programming languages commonly associated with buffer overflows including

199 views • 17 slides
Lab 2: Buffer Overflows Fengwei Zhang Wayne State University CSC 5991 Cyber Security PracCce 1

Lab 2: Buffer Overflows Fengwei Zhang Wayne State University CSC 5991 Cyber Security PracCce 1

Lab 2: Buffer Overflows Fengwei Zhang Wayne State University CSC 5991 Cyber Security PracCce 1 Buffer Overflows One of the most common vulnerabiliCes in soGware Programming languages commonly associated with buffer overflows including

195 views • 17 slides
Buffer Software Security overflows and other memory safety vulnerabilities Buffer overflow

Buffer Software Security overflows and other memory safety vulnerabilities Buffer overflow

Last time We continued By launching our 1st section: Buffer Software Security overflows and other memory safety vulnerabilities Buffer overflow fundamentals This time We will finish up By looking at Buffer Overflow overflows

1.33k views • 103 slides
Buffer Overflows and Defenses CS 419: Computer Security Lecture 10 and 11 Buffer Overflow a

Buffer Overflows and Defenses CS 419: Computer Security Lecture 10 and 11 Buffer Overflow a

Buffer Overflows and Defenses CS 419: Computer Security Lecture 10 and 11 Buffer Overflow a very common attack mechanism from 1988 Morris Worm to Code Red, Slammer, Sasser and many others prevention techniques known still of major concern

873 views • 53 slides
Buffer Overflows with Content 2 A Process Stack Buffer Overflow Common Techniques employed

Buffer Overflows with Content 2 A Process Stack Buffer Overflow Common Techniques employed

1 Buffer Overflows with Content 2 A Process Stack Buffer Overflow Common Techniques employed in buffer overflow exploits to create backdoors Execution of additional network services via the INETD daemon The addition of new users

497 views • 30 slides
ASLR & DEP DAVID HEAVERN Problem Statement Security Issues Buffer Overflows

ASLR & DEP DAVID HEAVERN Problem Statement Security Issues Buffer Overflows

ASLR & DEP DAVID HEAVERN Problem Statement Security Issues Buffer Overflows Buffer overflows are the source of many of the common vulnerabilities in modern software Caused by not checking the source length when writing to a

1.88k views • 130 slides
CSE 484 / CSE M 584 Computer Security: Buffer Overflows

CSE 484 / CSE M 584 Computer Security: Buffer Overflows

CSE 484 / CSE M 584 Computer Security: Buffer Overflows II TA: Viktor Farkas vfarkas@cs Original slides by Franzi Lab 1 Deadline Reminders Lab

373 views • 11 slides
More Vulnerabilities (buffer overreads, format string, integer overflow, heap overflows) Chester

More Vulnerabilities (buffer overreads, format string, integer overflow, heap overflows) Chester

More Vulnerabilities (buffer overreads, format string, integer overflow, heap overflows) Chester Rebeiro Indian Institute of Technology Madras Buffer Overreads 2 Buffer Overread Example 3 Buffer Overread Example len read from command line

906 views • 76 slides
CS 241 Data Organization Buffer Overflows December 4, 2018 The Problem Exploitation Use

CS 241 Data Organization Buffer Overflows December 4, 2018 The Problem Exploitation Use

CS 241 Data Organization Buffer Overflows December 4, 2018 The Problem Exploitation Use large strings (or other datatypes) to overflow a buffer Craft input to make the server do whatever you want Easy to crash a program Harder

256 views • 11 slides
Computer Security Buffer Overflows Denial of Service MIE456 Joseph Kong Overview Program

Computer Security Buffer Overflows Denial of Service MIE456 Joseph Kong Overview Program

Computer Security Buffer Overflows Denial of Service MIE456 Joseph Kong Overview Program Exploitation Buffer Overflows Memory Declaration Smashing The Stack TCP/IP Three Way Handshake Denial of Service SYN Flooding

403 views • 13 slides
On the effectiveness of NX, SSP, RenewSSP and ASLR against stack buffer overflows Hector

On the effectiveness of NX, SSP, RenewSSP and ASLR against stack buffer overflows Hector

On the effectiveness of NX, SSP, RenewSSP and ASLR against stack buffer overflows Hector Marco On the effectiveness of NX, SSP, RenewSSP and ASLR against stack buffer overflows Hector Marco-Gisbert , Ismael Ripoll Universit` at Polit` ecnica

528 views • 35 slides
Security: Buffer Overflows and Defenses CS 416: Operating Systems Design Department of Computer

Security: Buffer Overflows and Defenses CS 416: Operating Systems Design Department of Computer

Security: Buffer Overflows and Defenses CS 416: Operating Systems Design Department of Computer Science Rutgers University http://www.cs.rutgers.edu/~vinodg/416 Buffer Overflow a very common attack mechanism from 1988 Morris Worm to Code Red,

950 views • 55 slides
Smashing The Stack A detailed look at buffer overflows as described in Smashing the Stack for

Smashing The Stack A detailed look at buffer overflows as described in Smashing the Stack for

Smashing The Stack A detailed look at buffer overflows as described in Smashing the Stack for Fun and Profit by Aleph One Summer 2017 Roadmap 1 Process Memory Organization Text Fixed by program Includes code and read-only data

257 views • 22 slides
Computer Security Sec4on Week 2: Buffer Overflows TA:

Computer Security Sec4on Week 2: Buffer Overflows TA:

CSE 484 / CSE M 584 Computer Security Sec4on Week 2: Buffer Overflows TA: Thomas Crosley tcrosley@cs Thanks to Franzi Roesner, Adrian

502 views • 14 slides
ECE590 Computer and Information Security Fall 2018 Buffer Overflows and Software Security Tyler

ECE590 Computer and Information Security Fall 2018 Buffer Overflows and Software Security Tyler

ECE590 Computer and Information Security Fall 2018 Buffer Overflows and Software Security Tyler Bletsch Duke University What is a Buffer Overflow? Intent Arbitrary code execution Spawn a remote shell or infect with worm/virus

1.26k views • 76 slides
Computer and Information Security Fall 2020 Buffer Overflows and Software Security Tyler Bletsch

Computer and Information Security Fall 2020 Buffer Overflows and Software Security Tyler Bletsch

ECE560 Computer and Information Security Fall 2020 Buffer Overflows and Software Security Tyler Bletsch Duke University What is a Buffer Overflow? Intent Arbitrary code execution Spawn a remote shell or infect with worm/virus

983 views • 75 slides
Buffer Software Security overflows and other memory safety vulnerabilities History

Buffer Software Security overflows and other memory safety vulnerabilities History

This time We will begin By investigating our 1st section: Buffer Software Security overflows and other memory safety vulnerabilities History Memory layouts Buffer overflow fundamentals Analyzing security Security

1.41k views • 107 slides
Buffer Software Security overflows and other memory safety vulnerabilities History

Buffer Software Security overflows and other memory safety vulnerabilities History

This time We will begin By investigating our 1st section: Buffer Software Security overflows and other memory safety vulnerabilities History Memory layouts Buffer overflow fundamentals Software security Security is a form

2.11k views • 190 slides
Buffer Overflow overflows Defenses and other memory safety vulnerabilities Buffer overflow

Buffer Overflow overflows Defenses and other memory safety vulnerabilities Buffer overflow

Last time We finished up By looking at Buffer Overflow overflows Defenses and other memory safety vulnerabilities Buffer overflow defenses (and workarounds) Format string vulnerabilities Integer overflow vulnerabilities This time

1.29k views • 80 slides
CPSC 213 2.8 Textbook Procedures, Out-of-Bounds Memory References and Buffer Overflows

CPSC 213 2.8 Textbook Procedures, Out-of-Bounds Memory References and Buffer Overflows

Reading Companion CPSC 213 2.8 Textbook Procedures, Out-of-Bounds Memory References and Buffer Overflows 3.7, 3.12 Introduction to Computer Systems Unit 1e Procedures and the Stack 1 2 Local Variables of a Procedure

248 views • 7 slides
CSSV: Towards a Realistic Tool for Statically Detecting All Buffer Overflows in C An article by

CSSV: Towards a Realistic Tool for Statically Detecting All Buffer Overflows in C An article by

General Presentation In-Depth Analysis Results and Perspectives CSSV: Towards a Realistic Tool for Statically Detecting All Buffer Overflows in C An article by Nurit Dor, Michael Rodeh and Mooly Sagiv Presentation by Antoine Amarilli

650 views • 32 slides
Software In-Security Buffer overflows Overview Web Application security Malware OS

Software In-Security Buffer overflows Overview Web Application security Malware OS

Lecture overview Table of contents: Introduction to SW security Software In-Security Buffer overflows Overview Web Application security Malware OS security topics Code scanning Emmanuel Benoist Taught by Ulrich

479 views • 13 slides

More recommend