Preventing Buffer Overflow Exploits, Part 1
Internet servers, including Web, e-mail, and FTP servers have long been a target of different kinds of attacks aiming to disable them from providing services to their respective users. One particular exploit, which has become almost ubiquitous in the last several years, is the buffer overflow exploit. While the exploit requires particularly arcane and detailed knowledge of both assembly language and, in some cases, operating system interface details, once someone has coded an exploit and published it, anyone can use it. The results of these exploits provide interactive command shells on UNIX and Linux systems and the ability to upload and execute arbitrary programs on Windows systems. The buffer overflow exploit has become almost ubiquitous in recent years. This article describes how the exploit works and provides examples to better understand it.
To answer the need for advanced security features for Linux servers, the Open Systems Lab at the Ericsson Research Corporate Unit in Montreal, Canada, started the Distributed Security Infrastructure project (DSI) to design and develop a secure infrastructure that provides advanced security mechanisms for telecom applications running on carrier grade Linux servers. One of the goals of DSI is to prevent attacks incoming from the Internet and Intranet, which include buffer overflow exploits, denial of service attacks, and other type of attacks and exploits.
A buffer overflow occurs when a program or a process tries to store more data in a buffer than the buffer is intended to hold.
This article describes the buffer overflow exploit and provides detailed examples to help understand it. A subsequent article will discuss solutions to prevent such exploits and look in detail at the DSM. Please note that the examples provided are for illustration purposes, and we are not by any mean publicizing how to exploit systems. The very simple examples aim to better explain the nature of the exploits and how to prevent them.
Buffer Overflow Exploits
A buffer overflow occurs when a program or a process tries to store more data in a buffer than the buffer is intended to hold. Since buffers are created to contain a finite amount of data, the extra information has to go somewhere, and it can overflow into adjacent buffers, corrupting or overwriting the valid data held in them.
Although it may occur accidentally through a programming error, buffer overflow is an increasingly common type of security exploit on data integrity. In a buffer overflow exploit scenario, the extra data may contain codes designed to trigger specific actions such as sending new instructions to the attacked server that could, for instance, damage users files, change data, or disclose confidential information.
To prevent buffer overflow exploits, it is necessary to understand how they occur. If the buffer overflow is a result of an accidental misuse of the vulnerable program, then the program will simply crash. However, if the exploit is the work of a malicious attack, then the consequences can be more severe.
This article was originally published on LinuxPlanet.