A buffer overflow occurs when a program or process attempts to write more data to a fixed-length block of memory, or buffer, than the buffer is allocated to hold. Buffers contain a defined amount of data; any extra data will overwrite data values in memory addresses adjacent to the destination buffer. That sort of overflow can be avoided if the program includes sufficient bounds checking to flag or discard data when too much is sent to a memory buffer. [1]

Figure 1. Overview of Buffer Overflow Attack

Figure 1 shows developers can protect against buffer overflow vulnerabilities via security measures in their code, or by using languages that offer built-in protection.

In addition, modern operating systems have runtime protection. Three common protections are:

• Address space randomization (ASLR)—randomly moves around the address space locations of data regions. Typically, buffer overflow attacks need to know the locality of executable code, and randomizing address spaces makes this virtually impossible.
• Data execution prevention—flags certain areas of memory as non-executable or executable, which stops an attack from running code in a non-executable region.
• Structured exception handler overwrite protection (SEHOP)—helps stop malicious code from attacking Structured Exception Handling (SEH), a built-in system for managing hardware and software exceptions. It thus prevents an attacker from being able to make use of the SEH overwrite exploitation technique. At a functional level, an SEH overwrite is achieved using a stack-based buffer overflow to overwrite an exception registration record, stored on a thread’s stack.[3]

Types of Buffer Overflow Attacks

There are several types of buffer overflow attacks that attackers use to exploit organizations’ systems. The most common are:

• Usually, a bluejacker will only send a text message, but with modern phones it’s possible to send images or sounds as well.
• We can easily transfer data from mobile to laptop or from mobile to mobile in a short period.
• We can even enjoy music by wireless headphones through Bluejacking.

Disadvantages of Blue jacking:

• Stack-based buffer overflows: This is the most common form of buffer overflow attack. The stack-based approach occurs when an attacker sends data containing malicious code to an application, which stores the data in a stack buffer. This overwrites the data on the stack, including its return pointer, which hands control of transfers to the attacker.
• Heap-based buffer overflows: A heap-based attack is more difficult to carry out than the stack-based approach. It involves the attack flooding a program’s memory space beyond the memory it uses for current runtime operations.
• Format string attack: A format string exploit takes place when an application processes input data as a command or does not validate input data effectively. This enables the attacker to execute code, read data in the stack, or cause segmentation faults in the application. This could trigger new actions that threaten the security and stability of the system. [2]

References:

1. https://www.techtarget.com/searchsecurity/definition/buffer-overflow
2. https://www.fortinet.com/resources/cyberglossary/buffer-overflow
3. https://www.imperva.com/learn/application-security/buffer-overflow/

Cite this article:

Thanusri swetha J (2021), Overview of Buffer Overflow Attack, Anatechmaz, pp. 52