EditWYSIWYGAttach PDF Raw View►More Actions▼More Actions


Restore topic to revision: You will be able to review the topic before saving it to a new revision

Copy text and form data to a new topic (no attachments will be copied though).
Name of copy:
You will be able to review the copied topic before saving

Rename/move topic... scans links in all public webs (recommended)
Rename/move topic... scans links in CBI_ComputerSecurity web only
Delete topic... scans links in all public webs (recommended)
Delete topic... scans links in CBI_ComputerSecurity web only

Revision Date Username Comment
1207 Apr 2015 - 15:32ThomasMisa 
1105 Mar 2015 - 14:08sever408? 
1005 Mar 2015 - 14:05sever408? 
923 Feb 2015 - 12:20sever408? 
816 Nov 2014 - 17:02ThomasMisa 
716 Nov 2014 - 17:01ThomasMisa 
630 Oct 2014 - 17:59ThomasMisa 
530 May 2014 - 16:28ThomasMisa 
425 Feb 2014 - 10:05norqu036? 
311 Feb 2014 - 11:13norqu036? 
earlier first

Render style:     Context:


 History: r12 | r4 < r3 < r2 < r1
[X] Hide this message.
Notice: On June 30, 2016, UMWiki service will be decommissioned. If you have information in UMWIki that needs to be preserved, you should make plans to move it before that date. Google Sites is anticipated to be the most popular and appropriate alternative for users because it offers a more modern and user-friendly interface and unlimited capacity. To learn more about the features of Google Sites and other alternatives, and to identify which one best fits your needs, see the University’s Website Solution Selection Guide. If you have concerns or would like help regarding this change and your options, please contact Technology Help at help@umn.edu
You are here: UMWiki>CBI_ComputerSecurity Web>Mechanisms>MechanismsBufferOverflow (revision 2)

Current Activitieslock Who is Who?lock People Programs Publications CSHW_2014 Systems Events Mechanisms

Buffer Overflow

As one textbook puts it, "a buffer overflow is the computing equivalent of trying to pour two liters of water into a one-liter pitcher: some water is going to spill out and make a mess." A buffer overflow, sometimes called a buffer overrun, occurs when a program that is writing data to a buffer (a sequential section of memory) writes data past buffer's boundary and into adjacent memory. Some computing languages do not require the programmer to pre-define the size of the buffer, which means that the compiler has no way to know whether the boundary of the buffer has been breached by some other part of the program. Even in programming languages that do check such things, there is no way to check every single circumstance due to the sophistication of modern programs and the practical limits of the the compiler.(1)

Fortunately, overflows only cause serious problems in some instances. When an overflow occurs, the computer writes the data into another part of the memory. The damage caused by the overflow therefore depends on what exactly is in the space that gets overwritten. In some cases the program overflows into either the user's data space or the user's program area. In each of these cases the consequences are limited solely to the user and to the program in question. If the space contained already-used data or an already-performed program instruction, then there would be no detectable affect on the program. If the data or program instruction have not been used, then there will be either errors or inaccuracies in the program depending on the nature of the data overwritten. In more serious cases, however, the program overflows into system data or system code. This means that the problem is not localized to the current program, but will instead cause errors in the operating system. This is the vulnerability that malicious persons sometimes seek to take advantage of by placing unauthorized instructions within the operating system.(2)

The operating system of a computer generally has much higher privileges than normal programs, so any malicious code executed masquerading as the operating system will have identical privileges. This allows the malicious programmer to gain control over the system. Despite the fact that they are difficult to find and take a great deal of experimentation to exploit, buffer overflows are the target of many forms of malicious code, including the SQLSlammer worm (sometimes called the Sapphire worm).(3)

Notes

1 , 2 , 3 : Charles P. Pfleeger and Shari Lawrence Pfleeger, Security in Computing. 3rd Edition, New Jersey: Prentice Hall, 2003.


Edit | WYSIWYG | Attach |  PDF |  History: r12 | r4 < r3 < r2 < r1 |  Backlinks |  Raw View | More topic actions...
Topic revision: r2 - 05 Feb 2014 - 11:25:35 - norqu036
 
Signed in as lewi0740 (NicLewis) | Sign out
UMWiki UMWiki
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding UMWiki? Send feedback