
What is a buffer overrun - how is it done - what happens from it.

Discussion in 'Computer Security' started by beaumontdvd, Jan 19, 2010.

  1. beaumontdvd

    beaumontdvd Kilobyte Poster

    Hi everyone, once again I'm studying. I'm reading about buffer overruns and how they are a security hazard for network administrators if permissions are not set correctly.

    But what exactly is a buffer overrun?
    Is it done through code?
    What occurs once the buffers overrun?

    How is it a security issue? Sorry, the book doesn't explain much about it apart from permissions.
    Hope someone can help.

    Thanks in advance,

    Dave
     
    Certifications: 070-271, 070-272, (MCDST)Level 1,2,3 NVQ
    WIP: 070-270, A+, N+, S+,MCDST 7 Upgrade
  2. Qs

    Qs Semi-Honorary Member Gold Member

    Google + Wikipedia = WIN
     
    Certifications: MCT, MCSE: Private Cloud, MCSA (2008), MCITP: EA, MCITP: SA, MCSE: 2003, MCSA: 2003, MCITP: EDA7, MCITP: EDST7, MCITP: EST Vista, MCTS: Exh 2010, MCTS:ServerVirt, MCTS: SCCM07 & SCCM2012, MCTS: SCOM07, MCTS: Win7Conf, MCTS: VistaConf, MCDST, MCP, MBCS, HND: Applied IT, ITIL v3: Foundation, CCA
  3. beaumontdvd

    beaumontdvd Kilobyte Poster

    Thanks, but that's a bit complicated for me. That's why I asked on here. I thought someone might be able to explain it.

    Regards,
     
    Certifications: 070-271, 070-272, (MCDST)Level 1,2,3 NVQ
    WIP: 070-270, A+, N+, S+,MCDST 7 Upgrade
  4. swatto

    swatto Byte Poster

    Well, if I'm reading correctly, in simple terms a buffer overflow/underrun is basically when a process stores data larger than the memory buffer that has been set for it, and so the extra data overwrites program data like variables and program flow data, which can create security risks and vulnerabilities within programs/permissions.

    I understand what it means but kinda have trouble explaining it - sorry if that doesn't make it any clearer :oops:
     
    Certifications: BTEC Nat Dip: Software Dev, A+
    WIP: None Yet
  5. dmarsh

    dmarsh Terabyte Poster

    You are correct swatto, the clever bit happens when they manage to inject data into the stack frame which can allow them to change the return address of a function.

    Basically it allows them to 'inject' a goto into the program; they can then make this goto point to a block of code that they have also injected as data into a buffer.

    Now they have bootstrapped themselves into your process and are running their code under your process's security context!

    I'm not an expert either, there are many different approaches and countermeasures, but that's the basics.

    One common countermeasure is DEP for example (although I expect this relates to heap based overflows!).

    http://en.wikipedia.org/wiki/Data_Execution_Prevention
     
    Last edited: Jan 19, 2010
    Certifications: CITP, BSc, HND, SCJP, SCJD, SCWCD, SCBCD, SCEA, N+, Sec+, Proj+, Server+, Linux+, MCTS, MCPD, MCSA, MCITP, CCDH
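
The overwrite swatto and dmarsh describe above, as an added example that is not part of the original thread: an unchecked copy spills past a buffer into the adjacent return-address slot, and a length check stops it. The `struct frame` model, its sizes, the marker value and the function names are assumptions made for illustration; a real stack frame is laid out by the compiler.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a stack frame: a small buffer followed by the
 * slot holding the saved return address. A real frame is laid out by the
 * compiler; this struct keeps the overwrite inside one object. */
struct frame {
    char buf[8];
    unsigned char saved_return[8];
};
#define ORIGINAL_RETURN 0x11   /* constructed marker value */

static void frame_init(struct frame *f) {
    memset(f->buf, 0, sizeof f->buf);
    memset(f->saved_return, ORIGINAL_RETURN, sizeof f->saved_return);
}

/* Returns 1 while the return slot still holds its original bytes. */
static int return_intact(const struct frame *f) {
    for (size_t i = 0; i < sizeof f->saved_return; i++)
        if (f->saved_return[i] != ORIGINAL_RETURN) return 0;
    return 1;
}

/* Unchecked copy: trusts len. Bytes past buf land in saved_return.
 * (Capped at the model frame size so the demo itself stays defined.) */
static int copy_unchecked(const char *src, size_t len) {
    struct frame f;
    frame_init(&f);
    if (len > sizeof f) len = sizeof f;
    memcpy(&f, src, len);
    return return_intact(&f);
}

/* Checked copy: refuses input that does not fit in buf. */
static int copy_checked(const char *src, size_t len) {
    struct frame f;
    frame_init(&f);
    if (len <= sizeof f.buf) memcpy(f.buf, src, len);
    return return_intact(&f);
}

int main(void) {
    const char input[] = "AAAAAAAAAAAA";   /* constructed: 12 bytes for an 8-byte buffer */
    size_t len = sizeof input - 1;
    printf("unchecked: return slot intact = %d\n", copy_unchecked(input, len));
    printf("checked:   return slot intact = %d\n", copy_checked(input, len));
    return 0;
}
```
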
  6. beaumontdvd

    beaumontdvd Kilobyte Poster

    Thanks you lot. That explains it. It's much easier to understand when someone else explains I think.

    Thanks again :) Repped

    Dave
     
    Certifications: 070-271, 070-272, (MCDST)Level 1,2,3 NVQ
    WIP: 070-270, A+, N+, S+,MCDST 7 Upgrade
  7. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    Too much water... not enough bucket. 8)
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  8. kevicho

    kevicho Gigabyte Poster

    Whilst I agree people should learn to research, it would hugely benefit this site's search engine rankings and visitor retention if people filled it with knowledge (and yes, I appreciate you posted a link unlike some others on this occasion) as search engines love content.
     
    Certifications: A+, Net+, MCSA Server 2003, 2008, Windows XP & 7 , ITIL V3 Foundation
    WIP: CCNA Renewal
  9. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    I think Qs handled it just fine... two birds, one stone, and all that. Providing links is great... but we should *always* encourage techs to do their own research.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
