Buffer overflows are possible because the most commonly used programming languages for PCs, C and C++, and their traditional libraries do not check for attempts to transfer more information than a buffer will hold. If an attempt is accidentally made to read 128 bytes into a 100-byte buffer, the 28 bytes of information that follow the buffer will be overwritten. The problem is exacerbated because the methods used to pass data to programs on 80x86 often result in those extra 28 bytes overwriting an important, knowable entity -- the storage for the program's return address. This means that a flaw that would otherwise be usable only to crash the software can sometimes be used to hijack the program's operation.
Many buffer overflows can be triggered by unexpected ("malformed") information entering a computer, either via user inputs or over communication channels. Buffer overflows have been found and exploited in both Windows and Linux software. It is generally necessary for a programmer exploiting a buffer overflow to know what address the overflow will overwrite. As a result, buffer overflow exploits generally must be tailored to a specific version of a specific program, even when the underlying flawed code is present in several programs.
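As an added illustration (not part of the original page), the following C model reproduces the 128-bytes-into-a-100-byte-buffer case described above and places it beside a bounds-checked copy; the flat `region` array standing in for the stack frame, the function names and the 0xAA/0x41 fill values are constructed assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of the stack region the text describes: a 100-byte
 * buffer immediately followed by 28 bytes of other data (on 80x86 the
 * saved return address lives in such a spot). It is one flat array so the
 * overrun can be observed without undefined behaviour. */
#define BUF_SIZE 100
#define REGION   128

struct region { uint8_t mem[REGION]; };

/* Vulnerable pattern from the text: no check that len fits the buffer.
 * (The clamp to REGION only keeps the model itself in bounds.) */
void copy_unchecked(struct region *r, const uint8_t *src, size_t len) {
    if (len > REGION) len = REGION;
    memcpy(r->mem, src, len);          /* len > BUF_SIZE spills past buf */
}

/* Hardened version: refuse input that does not fit; never truncate
 * silently and never write past the buffer. */
bool copy_checked(struct region *r, const uint8_t *src, size_t len) {
    if (len > BUF_SIZE) return false;
    memcpy(r->mem, src, len);
    return true;
}

/* Runs the scenario: input_len bytes of 0x41 copied into a region whose
 * 128 bytes start out as 0xAA. Returns how many bytes past the buffer
 * were altered; 0 means the neighbouring data survived. */
size_t bytes_past_buffer_changed(size_t input_len, bool use_check) {
    struct region r;
    uint8_t input[REGION];
    memset(r.mem, 0xAA, REGION);
    memset(input, 0x41, REGION);
    if (use_check)
        copy_checked(&r, input, input_len);   /* may refuse the copy */
    else
        copy_unchecked(&r, input, input_len);
    size_t changed = 0;
    for (size_t i = BUF_SIZE; i < REGION; i++)
        if (r.mem[i] != 0xAA) changed++;
    return changed;                           /* 28 for 128 bytes, unchecked */
}
```

The unchecked copy of 128 bytes alters exactly the 28 bytes past the buffer; the checked copy rejects the same input and leaves them untouched.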
Copyright 1994-2008 by Donald Kenney.