If you're interested in security, you will be familiar with the term "buffer overflow", and if you are an administrator, you have probably downloaded and tested some of the various buffer overflow exploits (exploit code) that are everywhere on the Internet. What were the results? With the compile options the exploit code instructs and an appropriate target server, getting root would have been easy. Of course, even among those whose attack succeeded, not many can say with confidence that they know everything about "buffer overflow".
This article will not explain "buffer overflow" from A to Z (excellent documents on that have already been released); its purpose is to explain the concept so that it can be understood.
What is a "buffer overflow"?
Literally, a buffer overflow means that a buffer overflows. To describe it more loosely, input data that exceeds the amount of memory allocated to a buffer is used to manipulate the program's return address, so that the code the hacker wants is ultimately executed. A "buffer" is the memory area where the data a program needs for processing is stored temporarily. The stack and the heap both belong to this area, and buffer overflows can be divided into two groups depending on which of the two is used. This article focuses on the well-known stack-based buffer overflow. Understanding the concept requires basic programming knowledge, which is why it is classified as an advanced hacking technique.
History of the "buffer overflow"
The buffer overflow did not begin as a hacking issue. It was first introduced around 1973 as a simple program problem, when the concept first became known as a data integrity problem in the C language.
After the Morris Worm exploited a buffer overflow in fingerd in 1988, the seriousness of the problem began to be recognized, and in 1997 it became more widely known when Aleph One published the document "Smashing The Stack For Fun And Profit" in the famous online security magazine Phrack (Volume 7, Issue #49). This set off a fashion for all kinds of "buffer overflow" attacks, and the article has remained required reading for hacker wannabes to this day. Since then, "buffer overflow" has accounted for a significant number of the entries in the SANS (www.sans.org) TOP20 announced each year and has remained a steady favorite of hackers.
How does a "buffer overflow" work?
To understand exactly how a buffer overflow works, you must first understand how a program stores its data. A program consists of a number of subroutines. When a subroutine is called by the program, the function parameters, the subroutine's return address and the stack pointer are stored in a logical data structure called the stack. The stack is the memory area that stores the information a running program needs. When the subroutine ends, the operating system must return control to the calling program, so the return pointer is used to continue execution at the return address once the subroutine has finished.
A buffer is filled from lower addresses in the address space toward higher ones, and the stack has the LIFO (Last In, First Out) property: the data that went in last comes out first. Keep in mind that, because of this LIFO property, what went in first (the return pointer) is removed from the stack last. After the subroutine has finished running, the last thing done is to take the return pointer from the stack and return to the calling function. Without this pointer, the program would not know where to continue once the subroutine had finished.
A pointer is a variable that stores a memory location. When execution moves to other code, a pointer is needed to remember where the program left off. Without it, the program would not know where to return when the subroutine ends.
Now let's look at what happens when the stack is manipulated. If a program stores data in the space allocated to a variable without checking the size of the data, nothing limits the data to that size and the variable's space overflows. In other words, when the stored data overflows the buffer, it spills into the adjacent variable area and eventually into the area that holds the pointer. By adjusting the length and content of this data, a hacker causes a buffer overflow that corrupts the stack and makes the operating system execute specific code. In most cases, the data sent by the hacker consists of machine code that can run on the particular system and a new address to be stored in the return pointer. The new address stored in the return pointer points back into the stack area of memory, so when the subroutine returns, the program runs the commands the hacker created.
At this point, note that whatever program the hacker targets, the code is executed with the permissions of that running program. For that reason, programs running with root or administrator privileges are the ones targeted, so that a successful attack gives the hacker the highest privileges on the system.
The theory seems very intuitive, but actually launching an attack is not a simple task. However, even script kiddies who do not understand this process at all can easily attempt buffer overflow attacks using published exploit code, which means more work for security administrators.
Why are there so many "buffer overflow" vulnerabilities?
An important reason so many programs have this vulnerability is that error checking is not performed properly. One of the main reasons error checking is skipped is that developers make assumptions without any particular basis. Their confidence that, under normal circumstances, the memory allocated for a variable will be sufficient is also a problem. A vulnerable application may even have run for years without any problem, as long as users used it according to its specification. Then one day someone suddenly wonders, "What happens if I put in a different kind of information than the program was written for?" or "What happens if I put in more data than the program expects?" Programs that do not perform error checking become the test subjects of that curiosity, and then the targets of hacking.
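The overflow into the return pointer described earlier, and the missing size check behind it, shown as an added C example that is not part of the original article. The names struct frame, SAVED_RET, store_unchecked and store_checked are constructed, and the struct only models a stack frame so the effect is visible without corrupting real memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SAVED_RET ((uintptr_t)0x1000)   /* constructed "return address" */

/* Constructed model of one stack frame: a 16-byte buffer with the saved
 * return pointer directly above it. Real frames are laid out by the compiler. */
struct frame {
    char      buf[16];
    uintptr_t ret;
};

/* No size check on buf: input longer than buf spills into ret.
 * Returns the pointer the subroutine would return through. */
static uintptr_t store_unchecked(const unsigned char *in, size_t len) {
    struct frame f = { {0}, SAVED_RET };
    if (len > sizeof f) len = sizeof f;     /* keep the model in bounds */
    memcpy(&f, in, len);                    /* buf sits at offset 0 */
    return f.ret;
}

/* With the missing check: oversized input is rejected before any copy. */
static int store_checked(const unsigned char *in, size_t len, uintptr_t *ret) {
    struct frame f = { {0}, SAVED_RET };
    if (len > sizeof f.buf) return -1;
    memcpy(f.buf, in, len);
    *ret = f.ret;
    return 0;
}

/* Input that fits: both versions leave the return pointer intact. */
static int fits_keeps_ret(void) {
    unsigned char in[8] = "hello";          /* constructed input */
    uintptr_t r = 0;
    return store_unchecked(in, sizeof in) == SAVED_RET
        && store_checked(in, sizeof in, &r) == 0 && r == SAVED_RET;
}
/* Oversized input: unchecked copy clobbers ret, checked copy refuses. */
static int oversized_clobbers_ret(void) {
    unsigned char in[sizeof(struct frame)];
    uintptr_t r = 0;
    memset(in, 0x41, sizeof in);            /* filler bytes only */
    return store_unchecked(in, sizeof in) != SAVED_RET
        && store_checked(in, sizeof in, &r) == -1;
}

int main(void) {
    printf("fits: %d, oversized: %d\n", fits_keeps_ret(), oversized_clobbers_ret());
    return 0;
}
```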
In closing
A "buffer overflow" attack can be very dangerous in the sense that the attacker can execute the code he wants through the vulnerable target program, and the resulting damage ranges from getting the system to stop to obtaining administrative privileges.
Security administrators should understand how "buffer overflow" works and minimize the possibility and damage of an attack by applying the software patches provided by vendors, running programs with the least possible privileges, removing unnecessary services, and blocking harmful traffic with an intrusion prevention system.
Abandon the blind faith that because there was no trouble today, you will be safe tomorrow as well. Even at this moment, someone on the other side of the earth is hard at work testing an exploit.