AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Example buffer overflow9/12/2023 ![]() ![]() What is a buffer and how does a buffer overflow occur?Ī buffer is a block of memory assigned to a software program by the operating system. To understand how buffer overflows happen, we need to know a little about memory, especially the stack, and about how software developers need to manage memory carefully when writing code. Although some blame various programming languages, or features of them, as having an unsafe design, the culprit seems to be more the fallible use of these languages. More than thirty years on from the Morris worm, we are still plagued by buffer overflow vulnerabilities with all their negative consequences. Both the Code Red and SQL Slammer worms spread via buffer overflow vulnerabilities. SQL Slammer crashed routers, significantly slowing down or even stopping network traffic on the internet. Then, in 2003, the SQL Slammer worm attacked more than 250,000 systems running Microsoft’s SQL Server software. ![]() Code Red defaced webpages and attempted to launch denial-of-service attacks, including one on a White House web server. In 2001, the Code Red worm infested more than 359,000 computers running Microsoft’s IIS software. Although a few positives came from this attack, especially in pushing software vendors to take vulnerabilities seriously and in the creation of the first Computer Emergency Response Team (CERT), this attack was far from the last to capitalize on a buffer overflow. Around 6,000 of the 60,000 computers connected to ARPANET, a precursor to the Internet, were infected with the Morris worm. The canonical heap overflow technique overwrites dynamic memory allocation linkage (such as malloc metadata) and uses the resulting pointer exchange to overwrite a program function pointer.The Morris worm of 1988 was one of those industry-shaking experiences that revealed how quickly a worm could spread using a vulnerability known as a buffer overflow or buffer overrun. In heap buffer overflow, the attacker tries to overwrite the internal structures such as linked list pointers.
0 Comments
Read More
Leave a Reply. |