Posts Tagged ‘software-sec’

Software Sec: C / C++ Buffer overflows and Robert Morris

Buffer Overflow = any access of a bugger outside of its allotted bounds
  •      over-read or over-write
  •      could be during iteration (running off the end), or direct access (pointer arithmetic)
  •      this is a general definition; some people use more specific definitions of differing types of buffer overflows

A buffer overflow is a bug that affects low-level code, typically C and C++ with significant sec implications

Normally causes a crash, but can be used to:
  • dump/steal information
  • corrupt information
  • run code (payload)
They also share common features with other bugs.
C and C++ are the most popular languages (behind Java) and therefore buffer overflows are a major vuln. C/C++ are heavily used in:
  •      OS Kernels
  •      embedded systems
  •      HPC servers
 First buffer overflow occurred in 1988 by a student named Robert Morris, as part of a self-propagating computer worm that was an attack against fingerd and VAXes (Morris was caught and punished but is now a MIT professor); this worm affected 10% of the Internet
In 2001, CodeRed exploited a buffer overflow in the MS-IIS server, which infected >300,000 machines in 14 hours
In 2003 SQL Slammer worm infected 75,000 machines in 10 minutes by exploiting a buffer overflow in MS-SQL Server
In 2014 a latent buffer overflow bug was found in X11 that had been present over 23 years.