Buffer overflow exploits are one of the largest problems in
computer security today. In all application programs, there
are buffers that hold data. These buffers have a fixed size. If
an attacker sends too much data into one of these buffers,
the buffer overflows. The server then executes the data
that “overflowed” as a program. Depending on the nature
of the data sent by the attacker to the buffer, this program
may do any number of things, from sending passwords to
unknown destinations and hackers, to altering system files,
or installing backdoors.
Programs can prevent buffer overflows by checking the
length of the data submitted to the buffer before storing
it in the buffer. If the data is too large, it returns an
error. Unfortunately, in developing software programs
or applications, many programmers forget to check the
length of the data before saving it to a buffer. Therefore,
applications that contain a large number of unchecked
buffers are vulnerable to attack. When a vendor releases
a patch to stop these potential buffer overflows, the patch
simply adds code that checks the length of the data before it
saves it to the buffer. Once such a patch is available and
applied, it prevents the buffer from being overflowed.
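The length check described above, as an added example that is not part of the original text: a fixed-size buffer filled without a check (the unchecked pattern) beside the patched version that rejects data too large to fit. The buffer size, function names and sample inputs are constructed for this illustration.

```c
/* Added example, not from the original text: a fixed-size buffer with
 * and without the length check the passage describes. */
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16   /* fixed buffer size, chosen for the example */

/* The unchecked pattern: copies whatever arrives, trusting the sender.
 * With input longer than BUF_SIZE - 1 bytes this writes past the end of
 * buf, which is the overflow described above. Shown, not called. */
void store_unchecked(char *buf, const char *input)
{
    strcpy(buf, input);   /* no length check: the defect a patch fixes */
}

/* The patched pattern: reject data that does not fit before storing it.
 * Returns 0 on success, -1 if the input is too large. */
int store_checked(char *buf, size_t buf_size, const char *input)
{
    size_t len = strlen(input);
    if (len >= buf_size) {        /* leave room for the NUL terminator */
        return -1;                /* too large: return an error instead */
    }
    memcpy(buf, input, len + 1);  /* copy only what fits, plus the NUL */
    return 0;
}

/* Convenience wrapper with a local fixed-size buffer (hypothetical). */
int try_store(const char *input)
{
    char buf[BUF_SIZE];
    return store_checked(buf, sizeof buf, input);
}

int main(void)
{
    /* Constructed sample inputs: one that fits, one 40 bytes long. */
    const char *ok  = "hello";
    const char *big = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

    printf("checked, small: %d\n", try_store(ok));   /* prints 0 */
    printf("checked, large: %d\n", try_store(big));  /* prints -1 */
    return 0;
}
```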
Buffer overflow exploits are such a large problem for
several reasons:
• Buffer overflow exploits are very common. There are hundreds of known unchecked buffers that can be overflowed by hackers, with more being discovered all the time. Over 50 percent of the CERT advisories deal with buffer overflow exploits.
• Buffer overflow exploits are easy to use. Anyone (10-year-olds and script kiddies included) can download buffer overflow attack code and follow a simple “recipe” to execute it. No advanced technical knowledge is necessary to run pre-written buffer overflow exploit programs.
• Buffer overflow exploits are very powerful. In many cases, the malicious code that executes as a result of a buffer overflow will run with administrator-level privileges, and therefore can do anything it wants to the server.