What is Buffer Overflow Attack?

buffer overflow attack

Buffer Overflow Attacks are used by attackers to disrupt website availability, gain access to unauthorized data, and/or execute malicious code. Attackers make use of common coding mistakes/ flaws known as buffer overflow vulnerabilities. In this article, we will explore Buffer Overflow Attacks and their prevention in detail.

An Introduction to Buffer Overflow

Buffers are designed to store only a specified amount of data at a time. Unless it has built-in instructions to automatically discard data when it is too full, it will bleed into and overwrite in the adjacent memory locations. This anomaly is a buffer overflow/ buffer overrun.

You may also want to read about, OWASP Security Misconfiguration

Definition

Types

  • Heap-based attacks: Targets the open memory pools called heaps
  • Unicode overflow: Uses Unicode as input to flood memory
  • Integer overflow attacks: Uses arithmetic operations that result in integers larger than the integer capacity to orchestrate attacks.

Consequences

  • Arbitrary code execution triggering undesirable application behavior and actions.
  • Unauthorized access to the application or data
  • Subversion of security systems in place

Buffer Overflow Vulnerabilities: How Do They Work?

How do Attackers Orchestrate Buffer Overflow Attacks?

Causes

C and C++ programming languages are more vulnerable to Buffer Overflow Attacks as they lack in-built bounds-checks and protection against this attack type. Applications that libraries and custom code are at a higher risk of buffer overflow.

Ways to Prevent Buffer Overflow Attacks

Secure Coding and Development Practices

  • Choose languages with in-built protection mechanisms such as C#, Java, JavaScript, PERL, and so on.
  • If using C/ C++ languages, standard library functions that do not have bounds-checks should be avoided.
  • Use special security procedures in the code to minimize the likelihood of buffer overflow vulnerabilities.
  • Review all custom codes and codes that accept user inputs via HTTP requests used in the application.
  • Ensure that all inputs are size, and bounds checked.
  • Proactively identify and fix coding errors.

Check out OWASP Top 10 Web Application Security Vulnerabilities to Watch Out for in 2020

Runtime Protection

  • Structured Exception Handler Overwrite Protection (SEHOP): The Structured Exception Handler (SEH), a built-in system, helps in handling software and hardware exceptions. SEHOP enables businesses to prevent attackers from overwriting and attacking the SEH.
  • Address Space Randomization (ASLR): ASLR randomly moves around the address spaces of data locations. Without knowledge of where the executable code exists, it is nearly impossible to execute Buffer Overflow Attacks.
  • Data Execution Prevention: By marking certain memory regions as executable and non-executable, attackers are prevented from executing malicious code in non-executable areas.

Conclusion

For more cybersecurity features and news, follow Indusface on Twitter and Facebook.

Originally published at https://www.indusface.com.

With cyber-security products built in the cloud and the most advanced intelligence platform, our variety of solutions will help you prevent today’s risk