Saturday, October 8, 2011

What is a Buffer Overflow?


A buffer is a temporary data storage area with a limited capacity. A person running several programs at one time relies on buffers to process information seamlessly before it moves to its final storage area.
A buffer overflow happens when a program or process tries to store more data than the buffer can hold. The extra data is forced into other buffer zones, possibly corrupting the data already there. Sometimes a buffer overflow is caused intentionally, as in an attack. The buffer overflow works on the “last in, first out” (LIFO) principle: the last string of data is the first string to be cut from the buffer and go into overflow. An example is below:


In this example, the program was written to accept 5 bytes in the “name” field. The small buffer can hold only two, so the remaining 3 spill into the executable stack. Hackers take advantage of this by purposely placing malicious code at the end of the input, where they know it will go into overflow. However, an overflow is not always an attack. Sometimes it is simply an error in a C/C++ program, caused by the limitations of the programmer (Information Security, n.d.).
Fortunately, there are security features available to detect and prevent this, such as Comodo Memory Firewall (TechMixer, n.d.).
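The length check that keeps the 5-byte input from the example above out of a 2-byte buffer, written here as an added example that is not part of the original post. The `record` struct, its `flag` field and both function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define NAME_CAP 2                 /* constructed: the 2-byte "name" buffer */

struct record {
    char name[NAME_CAP + 1];       /* 2 data bytes plus the terminating NUL */
    int  flag;                     /* hypothetical neighbouring data */
};

/* Unsafe pattern, shown for contrast and never called here: strcpy copies
 * until it meets a NUL, however small the destination is. */
void set_name_unsafe(struct record *r, const char *input)
{
    strcpy(r->name, input);
}

/* Checked version: measure the input against the buffer first and reject
 * anything that does not fit. Returns 0 on success, -1 on rejection. */
int set_name_checked(struct record *r, const char *input)
{
    size_t len = 0;
    while (len < sizeof r->name && input[len] != '\0')
        len++;                     /* never scans past the buffer size */
    if (len == sizeof r->name)
        return -1;                 /* too long: leave the record untouched */
    memcpy(r->name, input, len + 1);   /* len data bytes plus the NUL */
    return 0;
}

int main(void)
{
    struct record r = { "", 0 };
    printf("\"AB\"    -> %d\n", set_name_checked(&r, "AB"));
    printf("\"ABCDE\" -> %d\n", set_name_checked(&r, "ABCDE"));
    printf("name=\"%s\" flag=%d\n", r.name, r.flag);
    return 0;
}
```

Rejecting the oversized input, rather than silently truncating it, lets the caller report the error and keeps the stored name and the neighbouring field unchanged.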
References:
1. "What is buffer overflow? - Definition from Whatis.com." Information Security: Covering today's security topics. N.p., n.d. Web. 19 Dec. 2010. <http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci549024,00.html>.
2. "Prevent Buffer Overflow Attack with Comodo Memory Firewall." TechMixer | Review Software, Online services, Freeware and Others. N.p., n.d. Web. 19 Dec. 2010. <http://www.techmixer.com/prevent-buffer-overflow-attack-with-comodo-memory-firewall/>.
