Copyright © Philip M. Parker, INSEAD. Terms of Use.

| Domain | Definition |
| --- | --- |
| Computing | Buffer overflow, n. What happens when you try to stuff more data into a buffer (holding area) than it can handle. This problem is commonly exploited by crackers to get arbitrary commands executed by a program running with root permissions. This may be due to a mismatch in the processing rates of the producing and consuming processes (see overrun and firehose syndrome), or because the buffer is simply too small to hold all the data that must accumulate before a piece of it can be processed. For example, in a text-processing tool that crunches a line at a time, a short line buffer can result in lossage as input from a long line overflows the buffer and trashes data beyond it. Good defensive programming would check for overflow on each character and stop accepting data when the buffer is full up. The term is used of and by humans in a metaphorical sense. "What time did I agree to meet you? My buffer must have overflowed." Or "If I answer that phone my buffer is going to overflow." See also spam, overrun screw. Source: Jargon File. |

Source: compiled by the editor from various references; see credits.
(From Wikipedia, the free Encyclopedia)
Buffer overflow bugs are frequently security vulnerabilities. A program that takes advantage of a vulnerability to subvert another program's security is called an exploit. A buffer overflow exploit works by feeding the program specially crafted input designed to change the data that follows the buffer in memory. Buffer overflows are most easily exploited when the buffer is on the program stack, since this can lead directly to an alteration of the program's execution path.
Determining whether a buffer overflow vulnerability is exploitable can be difficult even for experienced programmers, since it requires a great deal of high- and low-level knowledge of the architecture internals and the target program. Overflows of as little as a single byte beyond the end of a buffer have proved to be exploitable.
Generally, buffer overflows are caused by careless programming. Avoiding them is still a manual process, since formal verification has yet to prove attainable for most modern programming languages.
Buffer overflows are common only in programs written in relatively low-level programming languages such as assembly language, C and C++. Many other programming languages use a combination of run-time checking and static analysis to make it difficult or impossible to write a buffer overflow bug. However, the runtime systems and libraries for such languages may occasionally have buffer overflows of their own.
History
In 1989, the Morris worm used a buffer overflow in a Unix program called finger to propagate itself over the Internet. Even after this incident, buffer overflows were virtually ignored as a security issue by the public. Later, in 1995, Thomas Lopatic independently reinvented the buffer overflow and published his findings on the Bugtraq security mailing list, which caused a wave of new security-relevant buffer overflows to be found.
Examples of Prevention
IDS
The use of intrusion detection software can detect remote attempts to use buffer overflows. Since most buffer overflows contain a long array of NOPs, the IDS just has to block all incoming packets containing suspiciously many NOPs. (In most assembly languages, "NOP" stands for "No OPeration".) Recently, crackers have begun to use alphanumeric, polymorphic and self-modifying shellcodes to slip through the IDS.
C
Various techniques have been used to make buffer overflows in C programs less likely. Systems such as StackGuard provide protection against the most common techniques for exploiting buffer overflows by checking that the stack has not been altered when a function returns.
OpenBSD
OpenBSD is known as the open-source operating system most concerned with security. Like most operating systems, it is written in low-level C. Yet it employs its own variant of StackGuard, and the project has completed rigorous manual sweeps of its code to address issues that most systems simply have not. See this Slashdot link for remarkably loyal coverage of OpenBSD's progress.
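The Jargon File's line-buffer example and the StackGuard-style canary check from the C section, worked through together as an added example (this is not code from this page, from the Jargon File or from the OpenBSD or StackGuard projects). Memory is modelled as one flat array of 16 bytes (an 8-byte line buffer, a 4-byte canary, then other data) so that the overrun stays inside the array and remains observable; `copy_line_unchecked` is the careless copy, `copy_line_checked` the defensive per-character check, and `canary_intact` the check a StackGuard-style guard performs before a function returns. All names, constants and the sample line are constructed for this example.

```c
#include <string.h>

/* Constructed memory model: bytes [0,8) are the line buffer, [8,12) hold a
 * canary and [12,16) other data. Keeping all of it in one array makes the
 * overrun well defined and visible instead of real undefined behaviour. */
#define BUF_LEN 8
#define CANARY_LEN 4
#define MEM_LEN 16
static const unsigned char CANARY[CANARY_LEN] = {0xDE, 0xAD, 0xBE, 0xEF};

struct region { unsigned char mem[MEM_LEN]; };

static void region_init(struct region *r) {
    memset(r->mem, 0, MEM_LEN);
    memcpy(r->mem + BUF_LEN, CANARY, CANARY_LEN);
    memset(r->mem + BUF_LEN + CANARY_LEN, 'A', MEM_LEN - BUF_LEN - CANARY_LEN);
}

/* StackGuard-style check: is the value placed after the buffer still intact? */
static int canary_intact(const struct region *r) {
    return memcmp(r->mem + BUF_LEN, CANARY, CANARY_LEN) == 0;
}

/* Careless version: copies until the input ends and never looks at BUF_LEN.
 * The MEM_LEN guard only keeps this model inside its own array; it is not a
 * bounds check. A long line runs straight over the canary and the data after it. */
static size_t copy_line_unchecked(struct region *r, const char *line) {
    size_t i = 0;
    while (line[i] != '\0' && i < MEM_LEN) { r->mem[i] = (unsigned char)line[i]; i++; }
    return i;
}

/* Defensive version: check on every character and stop accepting data once the
 * buffer is full, leaving room for the terminator and reporting truncation so
 * the caller can reject or re-read the line instead of silently losing data. */
static size_t copy_line_checked(struct region *r, const char *line, int *truncated) {
    size_t i = 0;
    *truncated = 0;
    while (line[i] != '\0') {
        if (i >= BUF_LEN - 1) { *truncated = 1; break; }
        r->mem[i] = (unsigned char)line[i];
        i++;
    }
    r->mem[i] = '\0';
    return i;
}
```

With the constructed line "this line is longer than the buffer", the unchecked copy leaves the canary smashed, while the checked copy stores seven characters, reports truncation and leaves the canary intact.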
Source: adapted by the editor from Wikipedia, the free encyclopedia under a copyleft GNU Free Documentation License (GFDL) from the article "Buffer overflow."
Crosswords: BUFFER OVERFLOW
Specialty definitions using "BUFFER OVERFLOW": buffer chuck, firehose syndrome.
The following statistics estimate the number of searches per day across the major English-language search engines, as identified by various trade publications. Hyperlinks lead to commercial use of the expression at Amazon.com.

| Expression | Frequency per Day |
| --- | --- |
| buffer overflow | 28 |
| attack buffer overflow | 5 |
| buffer overflow tutorial | 3 |
| buffer overflow write | 2 |

Source: compiled by the editor from various references; see credits.
| Encoding | Rendering of "BUFFER OVERFLOW" |
| --- | --- |
| Hexadecimal (or equivalents, 770AD-1900s) | 42 55 46 46 45 52 4F 56 45 52 46 4C 4F 57 |
| Leonardo da Vinci (1452-1519; backwards) | (mirror-writing image not reproduced) |
| Binary Code (1918-1938, probably earlier) | 01000010 01010101 01000110 01000110 01000101 01010010 00100000 01001111 01010110 01000101 01010010 01000110 01001100 01001111 01010111 |
| HTML Code (1990) | B U F F E R   O V E R F L O W |
| ISO 10646 (1991-1993) | 0042 0055 0046 0046 0045 0052 004F 0056 0045 0052 0046 004C 004F 0057 |
| Encryption (beginner's substitution cypher) | 36554040395224956395240464957 |