Software Sec: C / C++ Buffer overflows and Robert Morris
Buffer Overflow = any access of a buffer outside of its allotted bounds
- over-read or over-write
- could be during iteration (running off the end), or direct access (pointer arithmetic)
- this is a general definition; some people use more specific definitions of differing types of buffer overflows
A buffer overflow is a bug that affects low-level code, typically C and C++, with significant security implications
Normally causes a crash, but can be used to:
- dump/steal information
- corrupt information
- run code (payload)
They also share common features with other memory-safety bugs (a length or index that comes from the attacker is trusted instead of being checked against the destination size).
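Both kinds of overflow from the definition above, written out as an added example (this is illustrative code, not material from the original notes). The struct layout, the "session" and "heartbeat echo" functions and the sample inputs are all constructed for the demonstration; the over-write copies through a pointer to the whole struct so that the program stays well-defined C, but the effect is exactly what strcpy()/gets() into `name[]` produces, and the over-read follows the Heartbleed pattern of trusting a peer-supplied length.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: an attacker-supplied name sits right before a
 * privilege flag, so bytes written past name[] land in is_admin. */
struct session {
    char name[16];
    int  is_admin;              /* 0 = normal user */
};

/* OVER-WRITE, vulnerable: copies as many bytes as the caller (i.e. the
 * network) says, never consulting sizeof(s->name). */
void set_name_unchecked(struct session *s, const unsigned char *src, size_t len)
{
    memcpy(s, src, len);        /* len may exceed sizeof s->name */
}

/* OVER-WRITE, hardened: refuse anything that does not fit, including
 * the NUL terminator, and report the failure to the caller. */
int set_name_checked(struct session *s, const unsigned char *src, size_t len)
{
    if (len >= sizeof s->name)
        return -1;              /* reject instead of overflowing */
    memcpy(s->name, src, len);
    s->name[len] = '\0';
    return 0;
}

/* Constructed stand-in for adjacent process memory: a 5-byte message
 * followed by data the peer must never see. */
static const unsigned char process_memory[32] = "hello\0secret-api-key-1234";

/* OVER-READ, vulnerable: echoes back claimed_len bytes, trusting the
 * peer's claim about how long its own message was. */
size_t echo_unchecked(const unsigned char *msg, size_t claimed_len, unsigned char *out)
{
    memcpy(out, msg, claimed_len);      /* reads past msg if claimed_len lies */
    return claimed_len;
}

/* OVER-READ, hardened: the claimed length is checked against the number
 * of bytes actually received before anything is copied. */
size_t echo_checked(const unsigned char *msg, size_t actual_len,
                    size_t claimed_len, unsigned char *out)
{
    if (claimed_len > actual_len)
        return 0;               /* nothing is echoed for a lying peer */
    memcpy(out, msg, claimed_len);
    return claimed_len;
}

/* Returns the value of is_admin after an attacker supplies a name that
 * fills the whole struct with 'A' (0x41): the flag becomes 0x41414141. */
int demo_overwrite(void)
{
    struct session s = { "guest", 0 };
    unsigned char payload[sizeof s];    /* constructed input: 20 x 'A' */
    memset(payload, 'A', sizeof payload);
    set_name_unchecked(&s, payload, sizeof payload);
    return s.is_admin;
}

/* Echoes `claimed` bytes of the 5-byte "hello" message; anything beyond
 * byte 5 is leaked memory. claimed must be <= sizeof process_memory so the
 * demonstration itself stays in bounds. */
size_t demo_overread(unsigned char *out, size_t claimed)
{
    return echo_unchecked(process_memory, claimed, out);
}

int main(void)
{
    unsigned char out[32];
    printf("is_admin after overflow: 0x%x\n", demo_overwrite());
    demo_overread(out, 24);
    printf("leaked after message: %.18s\n", out + 6);
    return 0;
}
```

Compile with a sanitizer (`-fsanitize=address`) or run under Valgrind when hunting for the strcpy()/gets() form of the same bug in real code: the checked variants above are what the fix looks like, and the return value is what lets the caller abort the request instead of continuing on corrupted state.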
C and C++ are among the most popular languages (behind Java), and therefore buffer overflows are a major vuln class. C/C++ are heavily used in:
- OS Kernels
- embedded systems
- HPC servers
The first widely known buffer overflow exploit was in 1988, by a student named Robert Morris, as part of a self-propagating computer worm that attacked fingerd (an unchecked gets() into a fixed-size stack buffer) on VAX and Sun systems (Morris was caught and punished but is now an MIT professor); this worm affected roughly 10% of the Internet
In 2001, Code Red exploited a buffer overflow in Microsoft's IIS web server, infecting >300,000 machines in 14 hours
In 2003 the SQL Slammer worm infected 75,000 machines in 10 minutes by exploiting a buffer overflow in MS SQL Server
In 2014 a latent buffer overflow bug was found in X11 that had been present for over 23 years.