Questions tagged [buffer-overflow]

A buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory.

Buffer overflow vulnerabilities like stack buffer overflows can be exploited to gain control of the program (and run arbitrary code) by changing control flow data, or at the very least they can crash the target program.

497 questions
135 votes, 8 answers

Why are programs written in C and C++ so frequently vulnerable to overflow attacks?

When I look at the exploits from the past few years related to implementations, I see that quite a lot of them are from C or C++, and a lot of them are overflow attacks. Heartbleed was a buffer overflow in OpenSSL; recently, a bug in glibc was…
Nzall
94 votes, 3 answers

Stack Overflows - Defeating Canaries, ASLR, DEP, NX

To prevent buffer overflows, there are several protections available such as using Canary values, ASLR, DEP, NX. But, where there is a will, there is a way. I am researching the various methods an attacker could possibly use to bypass these protection…
sudhacker
68 votes, 2 answers

What is the most hardened set of options for GCC compiling C/C++?

What set of GCC options provide the best protection against memory corruption vulnerabilities such as Buffer Overflows, and Dangling Pointers? Does GCC provide any type of ROP chain mitigation? Are there performance concerns or other issues that…
rook
56 votes, 7 answers

How to explain buffer overflow to a layman

Every once in a while (when I think out loud and people overhear me) I am forced to explain what a buffer overflow is. Because I can't really think of a good metaphor, I end up spending about 10 minutes explaining how (vulnerable) programs work and…
KnightOfNi
45 votes, 8 answers

Should I bother teaching buffer overflows any more?

The students are skeptical that turning off non-executable stacks, turning off canaries and turning off ASLR represents a realistic environment. If PaX, DEP, W^X, etc., are effective at stopping buffer overflow exploits, is there still value in…
Fixee
45 votes, 3 answers

Does a buffer overflow vulnerability always mean a code execution vulnerability?

Since buffer overflows always let an evil hacker write outside the buffer and overwrite the return pointer to a shellcode the evil hacker can place, does it mean that successful exploitation of a stack buffer overflow always means the ability to…
Sreeraj
39 votes, 3 answers

How big is a canary word on Linux, typically?

A canary word is a sequence of bits placed at the boundary between a buffer (such as a stack) and control data in a program, as a way of detecting and reacting to buffer overflows. How many bits long are these canaries on Linux, usually?
MR.X_XD
28 votes, 2 answers

Is there any security risk in not setting a maximum password length?

I'm a listener of the podcast "Security Now" where they often claim that there are no reasons to limit the number of characters a user can use in their passwords when they create an account on a website. I have never understood how it is even…
Thomas
23 votes, 2 answers

Exploiting buffer overflow leads to segfault

I am trying to exploit a simple stack overflow vulnerability. I have some basic code in C: #include int main( int argc, char** argv ) { char buffer[500]; strcpy(buffer, argv[1]); return 0; } compiled using…
tsusanka
23 votes, 4 answers

Cloudbleed: is it actually important to change ALL passwords?

In response to Google and Cloudflare's recent disclosures of the Cloudbleed vulnerability, some sources like TNW are recommending that people change passwords for sites and services that use Cloudflare. This seems to me a reasonable…
Andy Giesler
22 votes, 3 answers

How can vending machines be hacked? And how can I prevent it?

I am developing a vending machine and want to make it secure. In a comment to my previous question, @Polynomial said "Vending machines (and similar devices) can often be pwned via buffer overflows on all sorts of easily accessible interfaces." I…
21 votes, 4 answers

Security Implications of Neglecting the Extra Byte for NULL Termination in C/C++ Arrays

Please Consider: English is my second language. On the Security Now! podcast episode 518 (HORNET: A Fix for TOR?), at the 27:51 mark Steve Gibson quotes an example of vulnerable code in C/C++: "[...] one of them [problems with vulnerable code] is…
user82100
20 votes, 5 answers

Is it possible to find a buffer overflow in WordPress?

I had an interesting conversation with a pentester who told me he had found a buffer overflow in WordPress. The person in question was really adamant that this was true. The client is a bit skeptical about the technical skills of the pentesting firm…
Wealot
19 votes, 5 answers

Would the Heartbleed bug have been prevented if OpenSSL was written in Go/D/Vala?

IIUC the Heartbleed vulnerability happens due to a bug in the C source code of OpenSSL, by performing a memcpy() from a buffer that is too short. I'm wondering if the bug would have been prevented automatically in other languages that have…
oliver
19 votes, 6 answers

Do high level languages allow for buffer / heap overflow?

I'm learning about basic x86 overflows in C but normally I code with Python. Is there any way that programs written in higher level languages can suffer from buffer/heap overflow?
blank