Buffer Overflow

Can there be too much of a good thing? That's certainly true for computer input. Do an Internet search on the term buffer overflow, and you'll come up with hundreds of thousands of links, most related to security.

In the National Institute of Standards and Technology's ICAT index of computer vulnerabilities (http://icat.nist.gov), six of the top 10 involve buffer overflows. In 1999, the now-defunct research firm Hurwitz Group Inc. named buffer overflow the No. 1 computer vulnerability. Four years later, it's still a major problem.

If you've ever poured a gallon of water into a pint-size pot, you know what overflow means -- water spills all around.

Inside a computer, something similar happens if you try to store too much data in a space designed for less. Input usually goes into a temporary storage area, called a buffer, whose length is defined in the program or the operating system.

Ideally, programs check data length and won't let you input an overlong data string. But most programs assume that data will always fit into the space assigned to it. Operating systems use buffers called stacks, where data is stored temporarily between operations. These, too, can overflow.

When a too-long data string goes into the buffer, any excess is written into the area of memory immediately following that reserved for the buffer -- which might be another data storage buffer, a pointer to the next instruction or another program's output area. Whatever is there is overwritten and destroyed.

That in itself is a problem. Just trashing a piece of data or set of instructions might cause a program or the operating system to crash. But much worse could happen. The extra bits might be interpreted as instructions and executed; they could do almost anything and would execute at the level of privilege (which could be root, the highest level) assigned to that particular memory area.

Bad Programming

Buffer overflow results from a well-known, easily understood programming error. If a program doesn't check for overflow on each character and stop accepting data when its buffer is filled, a potential buffer overflow is waiting to happen. Still, such checking has been regarded as unproductive overhead - when computers were less powerful and had less memory, there was some justification for not making such checks. Moore's Law has removed that excuse, but we're still running a lot of code written 10 or 20 years ago, even inside current releases of major applications.

Some programming languages are immune to buffer overflow: Perl automatically resizes arrays, and Ada95 detects and prevents buffer overflows. However, C -- the most widely used programming language today -- has no built-in bounds checking, and C programs often write past the end of a character array.

Also, the standard C library has many functions for copying or appending strings that do no boundary checking. C++ is slightly better but can still create buffer overflows.
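As an added illustration (not code from the Computerworld article), the C program below puts the unchecked library copy the text describes beside two checked versions: one that refuses input that does not fit, and one that stops accepting characters the moment the buffer is full, as the "Bad Programming" section recommends. The `account` record, its field names, `FIELD_LEN` and the sample strings are all constructed for this example; the record's layout, with other data sitting directly after the buffer, is exactly the "area of memory immediately following" that an unchecked copy would overwrite.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 16   /* constructed fixed-size buffer, as in the article's description */

/* Constructed record: the name buffer is immediately followed in memory by
 * other data, so bytes written past the end of `name` would land in
 * `is_admin`. This example never performs that overflow; it only shows
 * which call would do so and how the checked versions avoid it. */
struct account {
    char name[FIELD_LEN];
    int  is_admin;
};

/* Unchecked pattern from the standard C library: strcpy stops at the NUL
 * terminator of `input`, never at the end of `acct->name`. It is safe only
 * when the caller has already proven that the input fits. */
void set_name_unchecked(struct account *acct, const char *input)
{
    strcpy(acct->name, input);
}

/* Checked pattern: refuse input that does not fit, counting the terminating
 * NUL. Returns 0 on success, -1 if the input was rejected (name left empty). */
int set_name_checked(struct account *acct, const char *input)
{
    size_t n = strlen(input);
    if (n >= sizeof acct->name) {
        acct->name[0] = '\0';
        return -1;
    }
    memcpy(acct->name, input, n + 1);   /* n + 1 copies the NUL as well */
    return 0;
}

/* Per-character check, as "Bad Programming" describes: stop accepting data
 * as soon as the buffer is full. Returns the number of characters stored
 * (not counting the NUL) and sets *truncated if any input was dropped. */
size_t read_field(char *dst, size_t dst_len, const char *input, int *truncated)
{
    size_t i = 0;
    *truncated = 0;
    if (dst_len == 0) {          /* nowhere to store even the terminator */
        *truncated = 1;
        return 0;
    }
    while (input[i] != '\0') {
        if (i == dst_len - 1) {  /* last slot is reserved for the NUL */
            *truncated = 1;
            break;
        }
        dst[i] = input[i];
        i++;
    }
    dst[i] = '\0';
    return i;
}

int main(void)
{
    struct account acct = { "", 0 };
    /* constructed input: 20 characters, too long for a 16-byte field */
    const char *too_long = "AAAAAAAAAAAAAAAAAAAA";
    char small[8];
    int truncated;
    size_t kept;

    if (set_name_checked(&acct, too_long) != 0)
        printf("rejected: %zu bytes do not fit in a %zu-byte field\n",
               strlen(too_long), sizeof acct.name);

    kept = read_field(small, sizeof small, too_long, &truncated);
    printf("read_field kept %zu characters, truncated=%d, is_admin still %d\n",
           kept, truncated, acct.is_admin);

    set_name_unchecked(&acct, "guest");       /* fits: 6 bytes into 16 */
    printf("unchecked copy of a fitting value: %s\n", acct.name);
    return 0;
}
```

The checked copy treats "fits" as strictly fewer characters than the buffer length, because the terminating NUL needs a byte of its own; a 16-character name into a 16-byte field is the off-by-one case that the unchecked `strcpy` would silently turn into a one-byte overflow into `is_admin`.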

Cracker's Choice

Buffer overflow has become one of the preferred attack methods for writers of viruses and Trojan horse programs. Crackers are good at finding programs where they can overfill buffers and trigger specific actions running under root privilege -- say, telling the computer to damage files, change data, disclose sensitive information or create a trapdoor access point.

In July 2000, it was discovered that Microsoft Outlook and Outlook Express let attackers compromise target computers simply by sending e-mail messages. No one even had to open a message; as soon as the user downloaded the message, message-header routines went into action - with unchecked buffers that could overflow and trigger code execution. Microsoft has since created a patch that eliminates the vulnerability.

Kay is a Computerworld contributing writer in Worcester, Mass. Contact him at russkay@charter.net.

Copyright © 2003 IDG Communications, Inc.