Emagcomsecurity | Page 9

Buffer Overflow

In computer security and programming, a buffer overflow is an anomaly in which a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This is partly a result of programmers' carelessness while writing code. Sometimes even well-written code can be exploited with buffer overflow attacks, but that depends upon the dedication and skill level of the attacker.

Following the trend of giving catchy names to serious operating system security flaws, the Linux vulnerability recently revealed by security researchers at Qualys has been called Ghost. Like Heartbleed and Shellshock before it, the name is not plucked out of the air but refers to the "gethostbyname" functions in which the flaw appears.

These functions translate user-friendly domain names such as example.com into numerical network IP addresses, such as 93.184.216.34, and are part of the GNU C library, which is included in practically every Linux system. This matters because, with most servers on the internet running Linux, there are an enormous number of potentially vulnerable systems. Successfully exploited, the flaw could allow an attacker to gain control of the system. This is an example of a buffer overflow, one of the most persistent types of security problem, one that appears endlessly in lists of security vulnerabilities. For any computer security researcher it is a case of déjà vu.

The amount of memory that can be overwritten in the Ghost vulnerability is really very small (either four or eight bytes, depending on whether the system is 32-bit or 64-bit). But even this tiny amount of memory may be sufficient to allow a complete compromise of the system. The degree of skill needed to exploit this particular bug may be very high, but Qualys has offered an example of code that exploits the flaw based on something as simple as sending an email to a mail server.

Buffer overflows are part of an even larger collection of exploits arising from a lack of proper parameter checking. In many online database access applications, a malicious user (or application) can supply input parameters that have been specially crafted so that they override any built-in checking. The most common of these is known as an SQL injection attack. Buffer overflows and SQL injection attacks are similar in that both exploit deliberately malformed data sent to program functions that cannot properly process it, and both exploit the absence of proper checking.

This is largely an avoidable problem. There have been concerted efforts by the software development world to seek out and fix buffer overflows in code. It seems, however, that they will always be with us.


Issue in Computer Security

Buffer overflows, if undetected, can cause your program to crash or produce unexpected results.

1. Buffer Overflow Exploits

2. Stack-based exploitation: occurs when a program writes to a memory address on the program's call stack outside of the intended data structure, which is usually a fixed-length buffer.

3. Heap-based exploitation: a deliberate exploit may result in data at a specific location being altered in a random way, or in illogical code being executed.

4. Barriers to exploitation: manipulations of the input could include conversion to upper or lower case, removal of meta characters and filtering out of non-alphanumeric strings.

PROTECTIVE COUNTERMEASURE

1. Programming language: certain programming languages do not check that data written to a buffer is within the boundaries of that buffer.

2. Use of safe libraries

3. Buffer overflow protection: detecting buffer overflows on stack-allocated variables, and preventing them from causing program misbehavior or from becoming serious security vulnerabilities.

Obviously, the best defense is to not write code that is exploitable. Only safe string function calls should be used.
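The Ghost paragraph above describes an overwrite of only four or eight bytes, and the countermeasures list asks for safe libraries and safe string calls. The following C example, added to this page and not taken from glibc or from Qualys, ties the two together: a constructed, simplified model of a resolver scratch buffer (the struct and function names are hypothetical) whose size calculation omits one pointer-sized term, so the shortfall is exactly sizeof(char *), beside a store routine that recomputes the requirement itself and refuses to write when the buffer is too small.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed, simplified model of a resolver scratch buffer: a hostname
 * string preceded by two pointer slots. Not glibc's code. */
struct host_scratch {
    char *addr_ptr;   /* first pointer slot */
    char *alias_ptr;  /* second pointer slot: the one the flawed sum omits */
    char  name[];     /* NUL-terminated copy of the hostname */
};

/* Flawed size sum: counts only one pointer slot. It comes up short by
 * exactly sizeof(char *), four bytes on 32-bit and eight on 64-bit. */
size_t size_needed_flawed(const char *name) {
    return sizeof(char *) + strlen(name) + 1;
}

/* Correct size sum: every field that will be written is counted.
 * sizeof(struct host_scratch) is the offset of the flexible member. */
size_t size_needed_correct(const char *name) {
    return sizeof(struct host_scratch) + strlen(name) + 1;
}

/* Defensive store: recomputes the requirement itself and refuses to write
 * when the caller's buffer is too small, instead of trusting the caller's
 * arithmetic. Bounded memcpy, never strcpy. */
bool store_host(void *buf, size_t buflen, const char *name) {
    if (buf == NULL || buflen < size_needed_correct(name)) return false;
    struct host_scratch *h = buf;
    h->addr_ptr = NULL;
    h->alias_ptr = NULL;
    memcpy(h->name, name, strlen(name) + 1);
    return true;
}

/* Scenario: a buffer sized with the flawed sum must be rejected, while
 * one sized correctly is accepted. Returns true when both hold. */
bool undersized_buffer_is_rejected(const char *name) {
    size_t correct = size_needed_correct(name);
    unsigned char *raw = malloc(correct);
    if (raw == NULL) return false;
    bool ok = !store_host(raw, size_needed_flawed(name), name)
              && store_host(raw, correct, name);
    free(raw);
    return ok;
}
```

Had store_host trusted the caller's flawed sum, the NUL terminator and the last bytes of the name would land past the end of the allocation, which is the few-byte overwrite the article describes.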