Questions tagged [buffer-overflow]

A buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory.

Buffer overflow vulnerabilities such as stack buffer overflows can be exploited to take control of the program (and run arbitrary code) by overwriting control-flow data, for example a saved return address or a function pointer; at a minimum they can crash the target program.
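As an added illustration of the two sentences above (this is example code written for this page, not part of the tag wiki), the C program below models the slice of a stack frame that a stack buffer overflow cares about: an 8-byte local buffer followed, at higher addresses, by the saved return address. The frame is a plain byte array so the overwrite is well defined and reproducible; a real overflow is undefined behaviour in C and the compiler may optimise it in surprising ways. The addresses 0x401050 and 0x401136 and the payload string are constructed values, not taken from any real binary. The unchecked copy mimics strcpy/gets and lets the input land on the return-address slot; the bounded copy stops at the buffer, NUL-terminates, and reports truncation.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Modelled frame, lowest address first: buf[0..7], then the saved return
 * address in bytes 8..15. Constructed layout, not a real compiler's frame. */
#define BUF_SIZE   8
#define RET_OFFSET BUF_SIZE
#define FRAME_SIZE (BUF_SIZE + 8)

#define ORIGINAL_RET 0x401050ULL   /* constructed: where the function should return */

/* Constructed attacker input: 8 filler bytes to reach the end of buf, then
 * the little-endian bytes of 0x401136, the address to divert execution to.
 * A strcpy-style copy stops at the first NUL, so only the three non-zero low
 * bytes are written; the high bytes of the slot already hold zeros. */
#define PAYLOAD "AAAAAAAA\x36\x11\x40"

struct frame {
    unsigned char bytes[FRAME_SIZE];
};

/* Explicit little-endian load/store so the model is independent of host byte order. */
static uint64_t load_le64(const unsigned char *p) {
    uint64_t v = 0;
    for (int k = 0; k < 8; k++)
        v |= (uint64_t)p[k] << (8 * k);
    return v;
}

static void store_le64(unsigned char *p, uint64_t v) {
    for (int k = 0; k < 8; k++)
        p[k] = (unsigned char)(v >> (8 * k));
}

static void init_frame(struct frame *f, uint64_t ret) {
    memset(f->bytes, 0, sizeof f->bytes);
    store_le64(f->bytes + RET_OFFSET, ret);
}

static uint64_t saved_ret(const struct frame *f) {
    return load_le64(f->bytes + RET_OFFSET);
}

/* Vulnerable pattern: copy until the NUL terminator, like strcpy or gets.
 * Everything past BUF_SIZE bytes overwrites the saved return address.
 * (The FRAME_SIZE cap only keeps the model inside its own array.) */
static void copy_unchecked(struct frame *f, const char *src) {
    size_t i = 0;
    while (src[i] != '\0' && i < FRAME_SIZE) {
        f->bytes[i] = (unsigned char)src[i];
        i++;
    }
}

/* Hardened pattern: never write more than BUF_SIZE - 1 bytes, always
 * NUL-terminate, and tell the caller when input was truncated so it can
 * reject it instead of silently continuing. Returns 1 if it fit, else 0. */
static int copy_bounded(struct frame *f, const char *src) {
    size_t n = strlen(src);
    if (n >= BUF_SIZE) {
        memcpy(f->bytes, src, BUF_SIZE - 1);
        f->bytes[BUF_SIZE - 1] = '\0';
        return 0;
    }
    memcpy(f->bytes, src, n + 1);
    return 1;
}

/* Return address left in the frame after the unchecked copy of input. */
static uint64_t ret_after_unchecked(const char *input) {
    struct frame f;
    init_frame(&f, ORIGINAL_RET);
    copy_unchecked(&f, input);
    return saved_ret(&f);
}

/* Return address left in the frame after the bounded copy of input. */
static uint64_t ret_after_bounded(const char *input) {
    struct frame f;
    init_frame(&f, ORIGINAL_RET);
    copy_bounded(&f, input);
    return saved_ret(&f);
}

/* 1 if the bounded copy accepted input whole, 0 if it had to truncate. */
static int bounded_fits(const char *input) {
    struct frame f;
    init_frame(&f, ORIGINAL_RET);
    return copy_bounded(&f, input);
}

int main(void) {
    printf("unchecked copy: return address 0x%llx -> 0x%llx\n",
           (unsigned long long)ORIGINAL_RET,
           (unsigned long long)ret_after_unchecked(PAYLOAD));
    printf("bounded copy:   return address 0x%llx, input fit: %d\n",
           (unsigned long long)ret_after_bounded(PAYLOAD), bounded_fits(PAYLOAD));
    return 0;
}
```

The unchecked copy leaves 0x401136 in the return-address slot, which is exactly the "changing control flow data" case; the bounded copy leaves 0x401050 untouched and returns 0, so the caller can refuse the over-long input rather than proceed with a truncated value.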

504 questions
56 votes, 7 answers

How to explain buffer overflow to a layman

Every once in a while (when I think out loud and people overhear me) I am forced to explain what a buffer overflow is. Because I can't really think of a good metaphor, I end up spending about 10 minutes explaining how (vulnerable) programs work and…
KnightOfNi
17 votes, 2 answers

How are fat pointers a good protection?

I'm learning about buffer overflows, and I get the idea of fat pointer, but what I don't quite get is how are they a good protection? If you were able to modify the pointer so it points to another address, wouldn't you be able to modify the obj base…
Pixel
12 votes, 1 answer

Concept of Jump-Oriented-Programming (JOP)

I don't understand the concept of Jump-Oriented-Programming. Can somebody try and explain this to me in an easy to understand way? I see that JOP is a concept that has evolved due to security measures which have been implemented to protect…
user503842
11 votes, 1 answer

Using cat to overcome 'Stack smash detected'

I'm now trying a buffer overflow exercise from the site pwnable.kr. I found the string that should be entered to the gets function but got "Stack Smash Detected". Then I found a solution on rickgray.me. They suggest (python -c 'print "A" * 52 +…
dafnahaktana
10 votes, 1 answer

Buffer Overflow - Find address of shellcode

I've been working on Buffer-Overflow Vulnerability Lab from SEED (Lab Description and Tasks). The environment is Ubuntu 12.04 32 bit. Please consider the following code: /* stack.c */ /* This program has a buffer overflow vulnerability. */ /* Our…
alond22
8 votes, 1 answer

stack buffer overflow in the main function?

I am trying to exploit a stack based overflow vulnerability. All the examples I can find make use of a ret address though. The buffer overflow I found is inside the main function, and I cannot find any examples on how to do this. The code looks like…
Noah Goldsmid
6 votes, 2 answers

How to implement canaries to prevent buffer overflows?

This is probably a very basic question. I've read about canaries, and how they work in theory. You have a global variable that you set to a random number in the prologue of a function, do your function, and then verify its authenticity in the epilogue.…
healthycola
6 votes, 1 answer

How do I organize my input for a buffer overflow?

I have a 32 bit linux binary that is susceptible to a buffer overflow. I figured out I need to input 1040 bytes before I can control the EIP register. I have a shellcode size of 28 bytes. How do I arrange this input to fill the buffer, insert my…
user1710563
6 votes, 1 answer

Bypass Stack Canary by going past the return address

I was testing a simple C program with stack canary protection. I attempted to bypass the protection by overwriting past the function's return address and overwriting main's address. I am overwriting it with the address of a function within the…
dylan7
5 votes, 1 answer

Buffer Overflow due to wrong data type

I am reading the OWASP page on buffer overflow. It mentions: buffer overflow can be prevented using higher-level programming languages that are strongly typed and developer should validate input to prevent unexpected data from being processed, such…
Jake
5 votes, 2 answers

Buffer overflow - terminator canaries

I am reading an article on buffer overflow protection here. For terminator canaries, I follow the part that if a terminator like a zero is used for a canary, the attacker would have a terminator in the overflow, which will cause the overflow to…
Jake
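The canary question above (prologue places a random value, epilogue verifies it) and the terminator-canary question share one mechanism, so here is a single worked example covering both. It is added code for this page, not from either post or from any compiler's stack protector. It models a frame laid out as buf | canary | saved return address, runs a strcpy-style copy over attacker input, and re-checks the canary before "returning". The canary values, the addresses 0x401050 and 0x401136, and the payloads are all constructed. The second case shows why a terminator canary helps even when the attacker knows its value: the zero byte sits right after the buffer, and a NUL-terminated copy cannot write past it without stopping.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Modelled frame, lowest address first (constructed layout):
 *   bytes  0..7   buf     8-byte local buffer the overflow starts in
 *   bytes  8..15  canary  guard value placed by the prologue
 *   bytes 16..23  ret     saved return address */
#define BUF_SIZE   8
#define CANARY_OFF 8
#define RET_OFF    16
#define FRAME_SIZE 24

#define ORIGINAL_RET 0x401050ULL    /* constructed legitimate return address */
#define TARGET_RET   0x401136ULL    /* constructed address the attacker wants */

/* Constructed canaries: one with no zero byte, and a terminator canary whose
 * lowest byte (the first canary byte in memory after buf) is 0x00. */
#define PLAIN_CANARY      0x2b1d9c7e5a3f4d6cULL
#define TERMINATOR_CANARY 0x2b1d9c7e5a3f4d00ULL

enum outcome { ABORTED = 0, SAFE = 1, HIJACKED = 2 };

struct frame { unsigned char b[FRAME_SIZE]; };

/* Explicit little-endian load/store so the model is independent of host byte order. */
static uint64_t load_le64(const unsigned char *p) {
    uint64_t v = 0;
    for (int k = 0; k < 8; k++)
        v |= (uint64_t)p[k] << (8 * k);
    return v;
}

static void store_le64(unsigned char *p, uint64_t v) {
    for (int k = 0; k < 8; k++)
        p[k] = (unsigned char)(v >> (8 * k));
}

/* Prologue: zero the frame and drop the canary between buf and the saved data. */
static void prologue(struct frame *f, uint64_t canary) {
    memset(f->b, 0, FRAME_SIZE);
    store_le64(f->b + CANARY_OFF, canary);
    store_le64(f->b + RET_OFF, ORIGINAL_RET);
}

/* Vulnerable body: unbounded copy that stops at the first NUL, like strcpy.
 * (The FRAME_SIZE cap only keeps the model inside its own array.) */
static void body_strcpy(struct frame *f, const unsigned char *src) {
    size_t i = 0;
    while (src[i] != 0 && i < FRAME_SIZE) {
        f->b[i] = src[i];
        i++;
    }
}

/* Epilogue: 1 if the canary survived, 0 means "stack smashing detected". */
static int epilogue_check(const struct frame *f, uint64_t canary) {
    return load_le64(f->b + CANARY_OFF) == canary;
}

/* Attacker payload: fill buf, rewrite the canary with the value the attacker
 * believes is there, then the new return address. out needs FRAME_SIZE + 1
 * bytes; the trailing NUL is what ends a strcpy-style copy. */
static void build_payload(unsigned char *out, uint64_t canary_guess, uint64_t target) {
    memset(out, 'A', BUF_SIZE);
    store_le64(out + CANARY_OFF, canary_guess);
    store_le64(out + RET_OFF, target);
    out[FRAME_SIZE] = 0;
}

/* Prologue, vulnerable body, epilogue, then classify what happened. */
static enum outcome run(uint64_t canary, const unsigned char *input) {
    struct frame f;
    prologue(&f, canary);
    body_strcpy(&f, input);
    if (!epilogue_check(&f, canary))
        return ABORTED;
    return load_le64(f.b + RET_OFF) == ORIGINAL_RET ? SAFE : HIJACKED;
}

/* Attacker who knows (or guesses) the canary and aims at TARGET_RET. */
static enum outcome attack(uint64_t real_canary, uint64_t canary_guess) {
    unsigned char payload[FRAME_SIZE + 1];
    build_payload(payload, canary_guess, TARGET_RET);
    return run(real_canary, payload);
}

int main(void) {
    printf("leaked plain canary:      %d (2 = hijacked)\n", attack(PLAIN_CANARY, PLAIN_CANARY));
    printf("leaked terminator canary: %d (1 = safe)\n", attack(TERMINATOR_CANARY, TERMINATOR_CANARY));
    printf("wrong canary guess:       %d (0 = aborted)\n", attack(PLAIN_CANARY, 0x4141414141414141ULL));
    return 0;
}
```

With the plain canary, an attacker who has leaked its value writes it back unchanged and reaches the return address, so the check passes and control flow is hijacked. With the terminator canary the same attacker's copy stops at the zero byte, so the canary is intact but the return address never gets touched. A wrong guess corrupts the canary and the epilogue aborts. The caveat a practitioner wants: the terminator byte only helps against NUL-terminated copies (strcpy, gets, sprintf); a length-driven overflow such as memcpy or read with an attacker-controlled length writes zero bytes happily, and there the canary relies purely on its random bytes staying secret.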
5 votes, 1 answer

Is a return to libc attack possible without the system function?

Every return to libc buffer overflow attack I've seen uses the system function to execute commands. I have an executable with DEP enabled (I can't execute on the stack) and the system function isn't linked in (at least, I don't think it is. Running…
gsgx
5 votes, 1 answer

buffer/heap overflow - register of what is executed

When buffer overflow/heap overflow is executed, is EIP the one that tells which part will be executed next? Also, when exploiting the part that has buffer overflow vulnerability, after execution, will ESP point to the start of the exploit codes…
Sue Katty
5 votes, 1 answer

How did the "Blaster" worm trigger buffer overflows?

In "The Security Development Lifecycle" book, Michael Howard wrote: Take as an example the coding bug in Windows RPC/DCOM that the Blaster worm took advantage of (Microsoft 2003). The defective code looks like this: HRESULT GetMachineName(WCHAR…
4 votes, 2 answers

Inversed Data Direction on the Stack

As I remember from my microcontroller course, the stack is at the end of the memory, while at the beginning are some interrupt pointers, program code and later data. Since the stack is at the end of the memory it grows towards smaller…
Angelo.Hannes