A buffer overflow occurs when a computer application attempts to write data to a data structure beyond the amount of information the structure was designed to store. In the classic case, a buffer is a sequential section of memory allocated to hold information. The type of information can vary from an array of integers to objects. When information is stored outside the allocated block of memory, the program can crash or be infected by computer malware.
Why are Buffer Overflows Dangerous?
Buffer overflows are best known for the software security vulnerabilities they create. They often affect new web and stand-alone applications as well as older programs. Although a buffer overflow vulnerability is difficult to discover, a number of attackers have identified such vulnerabilities in a variety of products and web resources. Once identified, the vulnerability can be used to infect the computer with malware, putting it at risk of attack.
How does a Buffer Overflow Work?
In the classic exploit, the person attacking the program or system sends the targeted application information that is stored in an undersized buffer. The excess overwrites information on the call stack, including the return pointer of the function or method. The information that the attacker sent sets the return pointer’s value so that control transfers to the computer malware or other malicious code stored in the attacking information. At the program architecture level, a buffer overflow vulnerability normally occurs when an attacker successfully finds a violation of the programming assumptions that error checking did not catch, or when there is faulty memory manipulation.
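The overwrite described above can be shown safely with a constructed stand-in for a stack frame. This is an added example, not code from the original article: the struct `frame`, the marker value and the function names are assumptions made for illustration, and all writes stay inside one object so the program's behaviour remains defined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 8
#define RETURN_MARKER 0xC0FFEE01u  /* constructed value standing in for a return pointer */

/* Hypothetical model of a frame: a fixed buffer followed by control data. */
struct frame {
    char buf[BUF_SIZE];
    uint32_t saved_return;
};

/* Unchecked copy: trusts the supplied length, so anything beyond BUF_SIZE
   lands in saved_return. Caller keeps len <= sizeof(struct frame). */
static void copy_unchecked(struct frame *f, const char *src, size_t len) {
    memcpy((char *)f + offsetof(struct frame, buf), src, len);
}

/* Checked copy: refuses input that does not fit and leaves the frame untouched. */
static int copy_checked(struct frame *f, const char *src, size_t len) {
    if (len > sizeof f->buf) return -1;
    memcpy(f->buf, src, len);
    return 0;
}

/* Copies len bytes of constructed input; returns 1 if the control data survived. */
static int demo(int use_checked, size_t len) {
    struct frame f;
    char input[sizeof(struct frame)];
    memset(&f, 0, sizeof f);
    f.saved_return = RETURN_MARKER;
    memset(input, 'A', sizeof input);            /* constructed input */
    if (len > sizeof input) len = sizeof input;  /* keep the demonstration in bounds */
    if (use_checked) (void)copy_checked(&f, input, len);
    else copy_unchecked(&f, input, len);
    return f.saved_return == RETURN_MARKER;
}

int main(void) {
    printf("unchecked,  8 bytes: intact=%d\n", demo(0, 8));
    printf("unchecked, 12 bytes: intact=%d\n", demo(0, 12));
    printf("checked,   12 bytes: intact=%d\n", demo(1, 12));
    return 0;
}
```

The length check in `copy_checked` is the error checking the paragraph refers to: the same oversized input that corrupts the control data in the unchecked path is rejected before any byte is written.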
Other Types of Buffer Overflows
A number of other buffer overflow attacks have emerged. These include the format string attack, the off-by-one error, and the heap buffer overflow. Commonalities between the various types include code that relies on external data to control application behavior, complex programming architecture, and dependence on properties of data that are enforced outside the code’s immediate scope.
How can Buffer Overflow Attacks be Used against Web Applications?
Web applications are susceptible to buffer overflow attacks in the same way as traditional applications. In the web app case, an attacker sends specifically designed data inputs to the app to cause it to execute arbitrary code in order to take over the web or application server. The attack can also be used to target application server products and can pose significant risk to product users. Common web vulnerabilities arise in the libraries that apps rely on and in custom code that does not undergo significant error testing.
How to Guard against Buffer Overflow Attacks
The primary means of defense against a buffer overflow attack is to keep computer applications and web products current. Failure to apply the most recent patches to products is one of the most common reasons for vulnerability to buffer overflow attacks. If you run a website, using commonly available scanners to analyze the site for flaws in custom or commercially acquired web products is another proactive step for identifying the vulnerability before an attack.