What is a Buffer Overflow Attack?
In a buffer overflow attack, an application receives more input than it expects, which results in an error that exposes the system memory to malicious threats. While the buffer overflow is not a cause of damage, it does create a vulnerability that can be exploited by cyberattackers.
One method for a buffer overflow attack involves cyberattackers exploiting buffer issues by overwriting the memory of an application. In doing this, the cyberattacker changes the execution path of the program, triggering a response that exposes private information or damages files. They do this by introducing extra code or sending new instructions to the application to gain access to IT systems.
The stack-based buffer overflow attack is the more common type of buffer overflow attack, where the cyberattacker leverages stack memory that only exists during the execution time of a function. In a heap-based attack, cyberattackers flood the memory space allocated for a program beyond memory used for current runtime operations. In an integer overflow attack, an arithmetic operation results in an integer (whole number) that is too large for the integer type meant to store it. A Unicode overflow attack creates a buffer overflow by inserting Unicode characters into an input that expects ASCII characters.
C and C++ languages are highly susceptible to buffer overflow attacks.
Buffer overflow attacks can be prevented by security measures in the code written by web developers and by using languages that offer built-in protection, such as Perl, Java, JavaScript, and C#. Other protections include:
Address space randomization. Address space randomization randomly rearranges the address space locations of key data areas of a process. Buffer overflow attacks typically rely on knowing the locality of executable code, and randomizing address spaces makes this virtually impossible.
Data execution prevention. Certain areas of memory are flagged as either executable or non-executable, which prevents exploits from running code found in a non-executable region.
Structured exception handler overwrite protection (SEHOP). SEHOP stops malicious code from attacking Structured Exception Handling (SEH), a built-in system for managing exceptions, which prevents a cyberattacker from being able to execute an SEH overwrite exploitation technique.
Other methods for buffer overflow attack protection involve:
- Performing routine code auditing
- Training on bounds checking, the use of unsafe functions, and group standards
- Using safe functions
- Using compiler tools
- Patching web and application servers regularly
- Staying aware of bug reports for applications related to your code
- Routinely scanning your application with products that look for buffer overflow flaws in your server products and custom web applications
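The bounds checking and safe-function advice above, together with the integer overflow case described earlier, can be shown in C. This is an added example, not code from the original page; the function names and the 16-byte buffer size are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 16  /* constructed size, for illustration only */

/* Unsafe pattern, shown for contrast: strcpy() copies until the source's
   NUL terminator and never checks the destination size, so any input of
   NAME_BUF_SIZE bytes or more writes past the end of dst. */
void copy_name_unsafe(char dst[NAME_BUF_SIZE], const char *src) {
    strcpy(dst, src);
}

/* Bounds-checked form: the input must fit, terminator included.
   Returns 0 on success, -1 if the input was rejected. */
int copy_name_checked(char *dst, size_t dst_size, const char *src) {
    if (dst == NULL || src == NULL || dst_size == 0) return -1;
    /* Look for the terminator within the first dst_size bytes only. */
    const char *end = memchr(src, '\0', dst_size);
    if (end == NULL) {          /* too long: reject instead of truncating */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Integer overflow guard: count * elem_size can wrap around size_t and
   yield an allocation far smaller than the data later written into it.
   Returns 0 and stores the product, or -1 if it would overflow. */
int checked_mul(size_t count, size_t elem_size, size_t *out) {
    if (elem_size != 0 && count > SIZE_MAX / elem_size) return -1;
    *out = count * elem_size;
    return 0;
}

int main(void) {
    char name[NAME_BUF_SIZE];
    size_t bytes;
    /* Constructed inputs: one that fits, one that is a byte too long. */
    printf("short input: %d\n", copy_name_checked(name, sizeof name, "alice"));
    printf("long input:  %d\n",
           copy_name_checked(name, sizeof name, "0123456789abcdef"));
    printf("wrapping size: %d\n", checked_mul(SIZE_MAX / 2 + 1, 2, &bytes));
    return 0;
}
```

Rejecting oversized input, rather than silently truncating it, keeps the failure visible to the caller and to logs.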