A buffer overflow is a programming error that allows data to exist in memory that it should not be allowed to access. This can result in errors or, more seriously, an infection.
If data that is too long is inserted into a fixed length buffer the data overflows the buffer and invades adjacent memory. This can cause no problem if that memory is not other-wised used or very serious problems if that area of memory contains other buffers, variables, or program execution code. The error can cause a crash or, if the buffer overflow error is understood by a malicious programmer, the error can allow malicious code to be inserted into the computer and either operate independently or cause the running program to produce incorrect results.
There are a number of buffer overflow exploits. Two common ones are listed here…
- Stack Buffer Overflow. Local variables can be overwritten. The return address in a stack can be rewritten. A function pointer can be set to point to code to execute.
- Heap Overflow. Memory is dynamically allocated at run-time and typically contains program data. Exploitation is performed by corrupting this data. The Microsoft JPEG GDI+ vulnerability is an example of this.
The programming language used can effect how easily buffer overflows can occur. For example, C and C++ provide no built-in protection against accessing or overwriting data in any part of memory. Programmers must either write their own checking or use a library with such checking built in.
There are many other methods available to programmers, including CPU instructions that can be invoked to mark pages of data readable but not executable.
- A buffer overflow is a progrmming error.
- There are many ways to exploit buffers of various kinds.
- Programmers must take special care to avoid buffer overflows.
|How Viruses Infect|
|NTFS ADS Viruses||Botnet|