Buffer Overflows - CompTIA Security+ SY0-701 - 2.3

Understanding Buffer Overflow Attacks

What is a Buffer Overflow Attack?

  • A buffer overflow attack occurs when an attacker writes more data than expected into a specific area of memory, causing the excess data to overflow into adjacent memory areas.
  • Application developers typically implement bounds checking to ensure that only a predetermined amount of data (e.g., 8 bytes) is written to a section of memory, preventing overflows.

Exploiting Buffer Overflows

  • Although finding a buffer overflow vulnerability can be challenging, exploiting one can produce unexpected behavior, such as an application crash or the execution of functions the developer never intended to expose.
  • Attackers look for repeatable buffer overflows: ones that reliably produce the same advantageous behavior within the application each time they are triggered.

Example of Buffer Overflow

  • The illustrative example uses two adjacent variables in memory: variable A (initially empty) and variable B (holding the value 1979), whose value determines the user's rights.
  • For administrative rights, variable B must exceed 24,000. Normally, this value cannot be altered from within the application.

Mechanism of Exploitation

  • The attacker exploits the missing bounds check on variable A by writing 9 bytes where only 8 are allowed. The write fills variable A and overflows into variable B.
  • Storing the word "excessive" (nine characters) puts the first eight characters in variable A, while the ninth character overwrites the first byte of variable B.
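The two-variable layout described above, as an added C example (not code from the video or its notes): an 8-byte buffer A is placed directly before a 16-bit rights value B inside a struct, and a copy without a bounds check is shown beside one that has it. The struct layout, the function names and the 9-byte copy length are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define A_SIZE 8              /* variable A holds 8 bytes */
#define ADMIN_THRESHOLD 24000 /* variable B above this grants admin rights */
/* Hypothetical layout of the video's two variables: the 8-byte buffer A is
 * directly followed by the 16-bit rights value B. A struct keeps them adjacent
 * on purpose so the overflow is deterministic; real layouts vary by compiler. */
struct record {
    char     a[A_SIZE];   /* variable A, initially empty */
    uint16_t b;           /* variable B, 1979 for a normal user */
};
int is_admin(uint16_t b) { return b > ADMIN_THRESHOLD; }

/* Vulnerable: trusts the caller's length and never compares it to A_SIZE. */
void copy_unchecked(struct record *r, const char *src, size_t len)
{
    memcpy((unsigned char *)r, src, len);   /* len > A_SIZE spills into b */
}

/* Hardened: bounds check first; an oversized write is refused (returns 0). */
int copy_checked(struct record *r, const char *src, size_t len)
{
    if (len > A_SIZE) return 0;             /* b is never touched */
    memcpy(r->a, src, len);
    return 1;
}

/* B after an unchecked 9-byte write of "excessive": byte nine ('e') lands in B. */
uint16_t b_after_unchecked(void)
{
    struct record r = { {0}, 1979 };
    copy_unchecked(&r, "excessive", 9);
    return r.b;
}

/* B after the checked copy refuses the same input: still 1979. */
uint16_t b_after_checked(void)
{
    struct record r = { {0}, 1979 };
    copy_checked(&r, "excessive", 9);
    return r.b;
}

int main(void)
{
    printf("unchecked: B = %u, admin = %d\n", b_after_unchecked(), is_admin(b_after_unchecked()));
    printf("checked:   B = %u, admin = %d\n", b_after_checked(), is_admin(b_after_checked()));
    return 0;
}
```

Whether the corrupted B actually crosses the 24,000 threshold depends on the machine's byte order (on little-endian hardware it becomes 0x0765, i.e. 1893), which is why a usable overflow has to be repeatable on the target rather than merely possible. With the bounds check in place the question never arises, because the ninth byte is rejected before anything is written.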

Resulting Impact

Video description

Security+ Training Course Index: https://professormesser.link/701videos
Professor Messer's Course Notes: https://professormesser.link/701notes

A poorly written application can be a useful vector for an attacker. In this video, you'll learn how buffer overflows can be used to gain access to a remote system.