Buffer overflows are possible because the most commonly used programming languages for PCs, C and C++, and their traditional libraries do not check for attempts to transfer more information than a buffer will hold. If an attempt is accidentally made to read 128 bytes into a 100 byte buffer, 28 bytes of information outside the buffer will be overwritten. The problem is exacerbated because the methods used to pass data to programs on 80x86 often result in the extra 28 bytes overwriting an important knowable entity -- the program's return address storage. This means that a flaw that would otherwise by usable only to crash the software can sometimes be used to hijack the program's operation.
Many buffer overflows can be triggered by unexpected ("malformed") information entering a computer either via user inputs or over communication channels. Buffer overflows have been found and exploited in both Windows and Linux software. It is generally necessary for a programmer exploiting a buffer overflow to know what address the buffer overflow will overwrite. As a result, buffer overflow exploits generally must be tailored to a specific version of a specific program even if the underlying problem code may be present in several programs.
Return To Index Copyright 1994-2002 by Donald Kenney.