Jump to content

Buffer overflow

isadora

By isadora
in Software

 Share

Recommended Posts

isadora Awesome

isadora

Posted
Posted

Updates are issued most of time for security-issues. One commonly patched error is the so called "buffer overflow". For as far to my knowledge, this has something to do with memory twice given back by a closing application. How can this be of any problem on one's system?

And is there any way monitoring for "buffer overflows" on the system?

 

Not so much a problem, but just interested.

 

Thanks everybody, and isadora greets with a happy and better 2005...

 

:drum:

Link to comment
Share on other sites
tyme Platinum

tyme

Posted
Posted

buffer overflow refers to a condition when a program writes outside of it's designated portion of RAM. A "hacker" can use a program that's not secured properly (checks aren't made to avoid a buffer overflow condition) to overwrite system code that has been stored in the RAM so that instead of their code/exploit/whatever being run at the level of the regular user it gets run as root, or system in the case of Windows. There's more to it than that, but that's the basic idea.

 

as far as tools to monitor...i don't know of any.

Link to comment
Share on other sites
aru Mandriva Guru

aru

Posted
Posted
Updates are issued most of time for security-issues. One commonly patched error is the so called "buffer overflow". For as far to my knowledge, this has something to do with memory twice given back by a closing application. How can this be of any problem on one's system?

As a buffer overflow happens when a developer wrongly allows that a proccess stores more data in a buffer/variable than it was thought to admit, that data may *overflow* to adjacent buffers in the stack which may allow to execute code external to the program (sorry for this bizarre explanation); hence an attacker may place some dangerous code in that buffer/variable when he is executing that program: for example, code to call a shell. That shell will own the permission the program had, which could happen to be a *setuserid* program, hence allowing root shell access to your system. That means problems ;)

 

As always the danger is very relative, because you have to have a vulnerability exploitable, an attacker has to decide to attack you, and he must be good enough to break into your system through that vulnerability (well there are scripts for script-kiddies so the attacker may be stupid and break into your system too).

 

 

And is there any way monitoring for "buffer overflows" on the system?

nope I don't think so, unless you try (hardly) to crack any already reported vulnerabilities of programs not patched in your system or you review the code of your installed programs.

But if you want to play with the concept I found this "howto": Smashing The Stack For Fun And Profit

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing
×
×
  • Create New...