How to stop buffer-overflow attacks and find flaws, vulnerabilities

How to stop buffer-overflow attacks and find flaws, vulnerabilities

Buffer-overflow flaws and vulnerabilities can cause serious damage to an organization by means of an embarrassing and expensive data security breach or by enabling an attacker to assault a Web application

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at [email protected].

and gain control of a corporate machine.

This tip delves into the inner workings of a buffer-overflow attack to uncover how they unfold and identify ways in which to stop a buffer-overflow attack from compromising enterprise Web applications.

What is a buffer overflow and how does it work?
A buffer is a temporary area for data storage. When more data than was originally allocated to be stored in a buffer gets placed there by a program or system process, the extra data will overflow, hence the name, causing some of that data to leak out into other buffers, which can corrupt or overwrite whatever data they were holding.

In a buffer-overflow attack, the extra data sometimes holds specific instructions for actions intended by a hacker or malicious user; for example, the data could trigger a response that damages files, changes data or unveils private information.

Hackers would use a buffer-overflow exploit to take advantage of a program that is waiting on a user's input. There are two types of buffer overflows: stack-based and heap-based. Heap-based, which are difficult to execute and the least common of the two, attack an application by flooding the memory space reserved for a program. Stack-based buffer overflows, which are more common among hackers, exploit applications and programs by using what is known as a stack: memory space used to store user input.

For more information:
Web applications are the conduit for buffer-overflow attacks on the Web server. These buffer-overflow tools can help thwart attacks.

In this two-part series, Brien Posey explains how to identify and prevent buffer-overflow attacks on home-grown applications.
A stack can only hold a certain amount of data, and if the input string is longer than the amount of space reserved, then the result is an overflow, creating a security hole. Savvy malicious hackers seek out these flaws with specially written commands that cause an overflow and trigger an attack. Once the malicious command causes the overflow, the hacker must still execute the command by indicating a return address that points to the command. The buffer overflow causes the application to crash partially, but it tries to recover by going to the return address, which has been redirected to the malicious command by the hacker.

When the buffer-overflow attack runs the command found at the new return address, the program thinks it is still running. This means that the command prompt window that has been opened is running with the program's or application's same set of executable permissions as the application that was compromised, allowing the hacker to gain full control of the operating system.

How to stop a buffer overflow from attacking applications
Now that you know how a buffer-overflow attack works, you can better grasp how to prevent them from infiltrating your system and taking control of your applications. Here are some ways to bulk up your defenses and prevent a buffer overflow:

1. Avoid using library files: Library files, which are used in programming language and are inherently insecure, are a target for hackers during application attacks. Any weakness found by a hacker in a library file will also exist in all applications that use that library file, giving hackers a glaring target for a potential attack.

2. Filter user input: Filtering out possibly dangerous HTML code and characters that could cause database problems. For example, in ASP code, the apostrophe, quotation mark and ampersand symbols are all reserved symbols. These reserved symbols can't be included within a user's input or they will cause the application to crash. Filter them out and replace them with something else to avoid complications and problems.

3. Test applications: Be sure to test all applications prior to deployment; trying to break into every application to ensure secure coding. If the application breaks, it will be clear that there is a problem that needs to be fixed before a hacker is able to exploit it.


WEB APPLICATION ATTACK SECURITY

  Introduction: Web application security
  How to stop buffer-overflow attacks
  Prevent cross-site scripting hacks
  Stopping SQL injection hack attacks
  Distributed denial-of-service protection

This was first published in January 2010

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

Back to top