CompTIA CySA+ CS0-003: Overflow vulnerabilities

A buffer overflow occurs when a program receives more data than the receiving buffer was sized to hold. A buffer holds a defined amount of data, and any excess spills into and corrupts adjacent memory. Because the program uses that memory for many purposes, an attacker who controls the excess data can end up injecting commands, for example to open a reverse shell, and gain control of the underlying operating system through this type of attack.

A buffer is simply a region of memory that holds data temporarily, and it typically lives in RAM. Buffers are designed to hold a specific amount of data and can be written to discard any excess, but if the program does not check, it overwrites the memory adjacent to the buffer. C and C++ are the languages most exposed to overflow vulnerabilities because they have no built-in protection against reading or writing outside the bounds of a memory region.

Computers rely on two memory allocation models, the stack and the heap, and both exist in RAM. The stack is memory the operating system provides to a program primarily to store local variables and function return addresses. Data is stored and retrieved in last-in, first-out order, hence the name. The heap stores dynamic data: the amount of memory to reserve is decided at runtime, and, unlike the stack, it is managed by the program rather than by the operating system. This makes the heap slower than the stack, but space on the heap is limited only by the amount of virtual memory available.

There are three types of overflow attack: integer, stack and heap. An integer overflow occurs when an arithmetic operation produces a value too large for the integer type meant to store it. A stack overflow occurs when a buffer on the call stack is overrun. A heap overflow targets data in the open memory pool known as the heap.

Buffer overflows occur when a developer does not sanitize or validate user input before allocating space for it and copying it into the buffer. You can use tools such as software composition analysis or a network vulnerability scanner to find buffer overflow vulnerabilities.
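As an added example (not part of the CySA+ material or any course text), the C program below contrasts the two input-validation failures described above with their hardened forms: an unchecked `strcpy()` into a fixed-size stack buffer beside a copy that verifies the input fits, and an unchecked addition of two 32-bit length fields (the integer overflow that can undersize a heap allocation) beside an addition that detects the wrap. `RECORD_MAX`, the record and header field names, and the sample inputs are assumptions invented for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fixed-size record used for the example (an assumption, not
 * taken from the course material). */
#define RECORD_MAX 16

/* Stack overflow pattern: strcpy() trusts the caller's input length, so any
 * input of RECORD_MAX bytes or more writes past 'record' into neighbouring
 * stack memory. Shown for comparison only; the safe version below is the one
 * that should be called. */
void copy_record_unsafe(char record[RECORD_MAX], const char *input) {
    strcpy(record, input);
}

/* Hardened version: look for the terminator within the buffer size before
 * copying, and reject the input (rather than truncating silently) if it does
 * not fit. memchr() stops at the first match, so it never reads more than
 * RECORD_MAX bytes of the input either. */
bool copy_record_safe(char record[RECORD_MAX], const char *input) {
    const char *nul = memchr(input, '\0', RECORD_MAX);
    if (nul == NULL) {
        return false;                 /* no NUL within RECORD_MAX: too long */
    }
    size_t len = (size_t)(nul - input);
    memcpy(record, input, len + 1);   /* len + 1 <= RECORD_MAX here */
    return true;
}

/* Wrapper so the check can be exercised stand-alone: returns the stored
 * length, or -1 if the input was rejected. */
int store_record(const char *input) {
    char record[RECORD_MAX];
    if (!copy_record_safe(record, input)) {
        return -1;
    }
    return (int)strlen(record);
}

/* Integer overflow pattern: two 32-bit lengths taken from an untrusted header
 * are added to size a heap allocation. Unsigned addition wraps modulo 2^32,
 * so a huge payload_len can yield a tiny total that passes a limit check and
 * leaves a buffer far smaller than the data later copied into it (a heap
 * overflow). This function only shows the wrapped value. */
uint32_t naive_total(uint32_t hdr_len, uint32_t payload_len) {
    return (uint32_t)(hdr_len + payload_len);
}

/* Hardened version: detect the wrap before it happens. */
bool checked_add_u32(uint32_t a, uint32_t b, uint32_t *out) {
    if (a > UINT32_MAX - b) {
        return false;                 /* a + b would exceed UINT32_MAX */
    }
    *out = a + b;
    return true;
}

/* True only if hdr_len + payload_len neither wraps nor exceeds 'limit'. */
bool total_fits(uint32_t hdr_len, uint32_t payload_len, uint32_t limit) {
    uint32_t total;
    return checked_add_u32(hdr_len, payload_len, &total) && total <= limit;
}

/* Allocate a heap buffer for header + payload only when the size is sound. */
char *alloc_message(uint32_t hdr_len, uint32_t payload_len, uint32_t limit) {
    return total_fits(hdr_len, payload_len, limit)
               ? (char *)malloc((size_t)hdr_len + payload_len)
               : NULL;
}

int main(void) {
    /* Constructed inputs for the demonstration. */
    printf("store_record(\"user42\")          -> %d\n", store_record("user42"));
    printf("store_record(16-char string)    -> %d\n", store_record("0123456789abcdef"));
    printf("naive_total(UINT32_MAX, 1)      -> %u\n", naive_total(UINT32_MAX, 1u));
    printf("total_fits(UINT32_MAX, 1, 1024) -> %d\n", total_fits(UINT32_MAX, 1u, 1024u));
    char *msg = alloc_message(100u, 200u, 1024u);
    printf("alloc_message(100, 200, 1024)   -> %s\n", msg ? "allocated" : "rejected");
    free(msg);
    return 0;
}
```

Build with `cc -Wall -fsanitize=address example.c` to see the difference in practice: the safe functions reject the oversized inputs, while calling `copy_record_unsafe` with the 16-character string would trigger AddressSanitizer's stack-buffer-overflow report. Note that the hardened copy rejects rather than truncates; silent truncation avoids the overflow but can still corrupt the meaning of the data.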