Defining Buffer Overflow Attacks & How to Defend Against Them
During a buffer overflow, a program writes data past the end of the buffer, into memory that lies outside it. That step can corrupt your data or crash your program.
Hackers know this, and sometimes they use your innocent-seeming buffer to take over your device.
Essentially, a buffer is a lifesaver if one of your programs runs out of memory and doesn't want to crash. The program can store data within that buffer and keep working. When your program needs even more memory than it can find within a buffer, it's vulnerable to a buffer overflow attack.
Buffer overflow attacks caused some of the most infamous hacking examples, from the Morris Worm in 1998 to Stagefright in 2015.
Let's explain how they work, and we'll help you understand how to protect yourself from them.
What Is a Buffer Overflow?
Almost every computer has a buffer. This dedicated space can hold or transport data so you can keep working without experiencing multiple crashes. But even the best buffer out there has a limit. And when you exceed it, an overflow begins.
A buffer overflow can be:
- Accidental. You try to do too much within one program, and you exceed the space the program gives you. The program may begin to behave erratically, and in some cases, it may stop working altogether.
- Intentional. Someone sends in data that's too large for your program. That dataset contains code that can replace the valid versions. When the new code runs, it can make the program do things you don't expect.
It may seem difficult for a hacker to craft a program that both understands your program completely and can change the way it works. But unfortunately, these attacks are relatively common.
Buffer Overflow Attack Types
Every program contains a buffer, and an attacker can follow one of two methods to take it over and begin an attack.
A buffer overflow attack can be:
- Stack-based. Your attacker sends data to a program, and that transmission is stored in a too-small stack buffer. Your hacker could choose a "push" function and store new items on the top of the stack. Or the hacker could choose a "pop" function and remove the top item and replace it. That means the hacker has officially inserted malicious code and taken control.
- Heap-based. Your hacker corrupts data within the heap, and that corruption causes your program to overwrite important data.
As a user, you may not see these changes happening. But if you don't stop the progression, your program may start to hitch and stall. In time, it could crash.
Since buffer overflows often target important programs, such as operating systems, a hack could leave you with a device you can't control.
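The stack-based case above, as an added example that is not part of the original article: a function that copies caller-supplied input into a fixed-size stack buffer with no length check, next to a hardened version that measures the input first and rejects anything that does not fit. Names (`greet_unsafe`, `greet_safe`, `NAME_LEN`) and the inputs are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* fixed-size stack buffer; constructed for this example */

/* Vulnerable pattern: strcpy() trusts the caller's string to fit.
 * Input longer than NAME_LEN - 1 bytes spills past `name` into whatever
 * the compiler placed after it on the stack (other locals, saved state).
 * Kept here only to show the defect; it is never called with long input. */
void greet_unsafe(const char *input) {
    char name[NAME_LEN];
    strcpy(name, input);             /* no bounds check: the overflow happens here */
    printf("Hello, %s\n", name);
}

/* Hardened version: look for the terminator within the buffer size before
 * copying. If none is found, the input cannot fit, so it is rejected rather
 * than silently truncated or overflowed.
 * Returns 0 on success, -1 when the input is rejected. */
int greet_safe(const char *input) {
    char name[NAME_LEN];
    const char *nul = memchr(input, '\0', NAME_LEN);   /* reads at most NAME_LEN bytes */
    if (nul == NULL) {
        return -1;                   /* too long: reject, do not copy */
    }
    size_t len = (size_t)(nul - input);
    memcpy(name, input, len + 1);    /* copies the terminator too; fits by construction */
    printf("Hello, %s\n", name);
    return 0;
}

int main(void) {
    /* constructed inputs: one that fits and one that would overflow */
    char oversized[64];
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';

    printf("short input -> %d\n", greet_safe("alice"));   /* 0: accepted */
    printf("long input  -> %d\n", greet_safe(oversized)); /* -1: rejected */
    return 0;
}
```

Building with `-fstack-protector-strong` and `-D_FORTIFY_SOURCE=2` (GCC/Clang) turns the unchecked copy in `greet_unsafe` into a detected abort instead of silent corruption, which is the kind of compiler-level protection the prevention section below refers to.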
Know Your Buffer Overflow Vulnerabilities
Preventing an attack is easier than recovering from one. Thankfully, there are plenty of things you can do to keep your company safe.
Start by examining the code you use during development. Programming languages vulnerable to buffer overflow attacks include:
- Assembly
- C/C++
- Fortran
These languages come with no built-in protection, and they don't perform routine bounds checks that would catch overflows.
Next, examine your code. It's easier for a hacker to launch an attack when your programs are:
- Complicated. Do you find it hard to predict the behaviour of your program?
- External. Do you need third-party or outside data to control the actions within the program? Are data properties externally controlled?
- Older. Did you use legacy components to build the program?
Almost every company out there has an old, custom-built program that every employee uses every day. You may be leery of replacing this system since it was made just for you. But clearly, legacy systems come with risks that are difficult to mitigate or eliminate.
Your Buffer Overrun Countermeasure & Prevention Plan
Hackers have been leaning on buffers for years, but new opportunities for their work are appearing. For example, experts say connected devices (including Internet-of-Things elements like refrigerators and doorbells) could be susceptible to these attacks.
Protect your company by following these common-sense steps:
- Use new operating systems. It's time to throw out legacy programs with expired support systems. Newer code comes with more protections.
- Watch the language. Programs written in COBOL, Python, and Java are likely safer than others.
- Add space. Some programs allow for executable space protections. When enabled, a hacker can't execute code inserted via an overflow attack.
- Lean on developers. System administrators often complain that developers ignore their bug reports. Be persistent. When you spot a problem leading to a buffer overflow, keep talking about it until someone fixes it.
- Apply your patches. When developers do find out about buffer overflow problems, they fix them with code. In February 2021, for example, Sudo developers released a patch just like this, and they encouraged people to use it.
Watching your code, analysing behaviour, and testing frequently are all good ideas. But to keep your company safe, you'll need to do even more.
Work with Okta to surround your most important resources with a strong authentication system. Find out more about how we can help organisations just like yours.
References
Buffer Overflow Attack. Comprehensive Security: A Hands-On Approach.
Buffer Overflow. OWASP.
Buffer Overflow Attack. Santa Clara University.
What Is a Buffer Overflow? And How Hackers Exploit These Vulnerabilities. (January 2020). CSO.
Kernel Space: Are Linux Developers Ignoring Bug Reports? (September 2007). Networkworld.
Sudo Heap-Based Buffer Overflow Vulnerability. (February 2021). Cybersecurity and Infrastructure Security Agency.