What is Buffer overflow?
Buffer overflow, in the presence of a buffer overflow security vulnerabilities in the computer, the attacker can exceed the normal length of the number of characters to fill a domain, usually the memory address. In some cases, these excess characters can be run as “executable” code. So that an attacker can not be bound by security measures to control the attacked computer. It is one of the most common means of attack, the worm on the operating system in high-risk vulnerabilities overflow speed and large-scale propagation are using this technology. Buffer overflow attacks in theory can be used to attack any defective imperfect procedures, including anti-virus software , firewalls and other security products, as well as attacks on the banks of the attack program.
In unix systems, to gain root privileges via a buffer overflow it is quite common to use a hacking technique . In fact, this is a hacker in the system already has a basic local account of the preferred mode of attack. It is also widely used in long-range attacks, by daemon process stack overflow to get rootshell remote technology, there are already many examples.
In the windows system, there is also the problem of buffer overflow. Moreover, with the popularity of internet internet service program, win series platform more and more low-level win program becomes fatal on your system, because they are the same will happen remote stack overflow . Moreover, since the system users and administrators win a general lack of awareness of security, a win on the system stack overflow , if the malicious use, will cause the entire machine to be hackers controlled, which may cause the entire local area network fall into the hands of hackers. Microsoft’s popular product iis server4.0 was found in a known as “illegal htr request” defects. According to Microsoft said the flaw in certain circumstances lead to arbitrary code can be run on the server side. But found the loopholes in the Internet security company eeye ceo firas bushnaq words, this is only the tip of the iceberg. bushnaq said that hackers could exploit to the iis server complete control, in fact, many e-commerce sites is precisely based on this system.
Let us look at the principle of buffer overflow. As everyone knows, c language without array bounds checking, using c language in many applications, it is assumed the size of the buffer is sufficient, certainly greater than its capacity to copy the string length. But the fact is not always the case, when the program error, or malicious user deliberately into a long string, there are many unexpected things happen over that portion of the character will be covered with an array of other neighboring variable Of the space, so that the variable appears unpredictable value. If it happens, the array and subroutine return address when near, it is possible due to the part of the string exceeds covers subroutine return address, so that the subroutine is finished return turned to another unpredictable address to make the program There was an error in the execution flow. Even, because the application does not access the process address space range of addresses, leaving the offending process failures occur. This error is often committed in the programming.
Use a buffer overflow while attempting to destroy or illegally entering the system program usually consists of the following components:
- Prepare for some brings up a shell of machine code string formation, in the following we will call it shellcode.
- Apply a buffer, and the machine code fill in the lower end of the buffer.
- Estimation machine code in the stack may start position and the write end position of the buffer. This initial position is also a parameter we need to call repeatedly when we execute this program.
- The buffer as a buffer overflow system error entry procedures, and the implementation of the wrong procedures.
Through the above analysis and examples, we can see the buffer overflow on the security of the system a huge threat. In unix systems, the use of a class of well-written procedure, and use suid programs that exist such a mistake can easily obtain the system superuser privileges. When a service program to provide services in the port, buffer overflow programs can easily turn off this service, making the system service paralyzed in a certain period of time, serious downtime may make the system immediately, thus becomes a denial of service attack . This error is not only the error of the programmer, the system itself in the realization of this error occurs more. Today, buffer overflow errors are continually from unix, windows, router , gateway to be found and other network devices, and constitute a larger number of security threats to the system maximum degree category.
Buffer overflow is the code inherent vulnerabilities , in addition to pay attention to the development phase to write correct code than for the user, the general prevention of errors
- Shut down a port or service. Administrators should be aware of what is installed on their systems, and which services are running
- Install the software vendor patches, loopholes a release, a large vendor will provide timely patches
- In firewall filter traffic on specific, internal staff can not prevent overflow attacks
- Check your own key service program to see if there is a terrible vulnerability
- Run the software with the minimum permissions required