Buffer Overflows
Summary
Since the rise of C in the early 1970s, buffer overflows have become a serious security vulnerability. Even though high-level programming languages are typically not affected, the number of vulnerable systems is actually on the rise, especially with the increasing significance and use of IoT devices.
On the other hand, a wide array of countermeasures is also increasingly adopted and applied. Features like executable space protection (e.g. Data Execution Prevention under Windows) have been deployed since the mid-2000s, and on the compiler side, technologies like StackGuard support several detection and prevention mechanisms (e.g. different types of canaries). Furthermore, almost every widely used operating system supports Address Space Layout Randomization (ASLR) in order to minimize the attack surface for buffer overflow attacks. For example, at the beginning of 2020, of all the bigger names (Linux, Windows, macOS, iOS, Android, Solaris, OpenBSD, etc.), only FreeBSD does not offer support for ASLR. Nonetheless, it is announced to be supported in version 13.0, which is currently in development.
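The countermeasures named above (non-executable stack, stack canaries, ASLR-ready position-independent code) leave traces in a compiled ELF binary that a defender can audit. The following is an added example, not part of the original page: it assumes a 64-bit little-endian ELF image and a Linux host that provides <elf.h>, and check_mitigations, sample_flags and the MIT_* flags are hypothetical names.

```c
#include <elf.h>      /* assumption: Linux host (glibc or musl) ELF definitions */
#include <stddef.h>
#include <string.h>

#define MIT_NX     1  /* PT_GNU_STACK present without PF_X: non-executable stack */
#define MIT_PIE    2  /* ET_DYN image (PIE or shared object): relocatable by ASLR */
#define MIT_CANARY 4  /* mentions __stack_chk_fail: built with a stack protector */
/* Returns a bitmask of MIT_* flags, or -1 if img is not a well-formed ELF64 image. */
int check_mitigations(const unsigned char *img, size_t len)
{
    static const char sym[] = "__stack_chk_fail";
    Elf64_Ehdr eh;
    int flags = 0;
    if (len < sizeof eh || memcmp(img, ELFMAG, SELFMAG) != 0 ||
        img[EI_CLASS] != ELFCLASS64 || img[EI_DATA] != ELFDATA2LSB)
        return -1;
    memcpy(&eh, img, sizeof eh);
    if (eh.e_phnum && (eh.e_phentsize < sizeof(Elf64_Phdr) || eh.e_phoff > len ||
            (size_t)eh.e_phnum * eh.e_phentsize > len - eh.e_phoff))
        return -1;                      /* program header table out of bounds */
    if (eh.e_type == ET_DYN) flags |= MIT_PIE;
    for (size_t i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        memcpy(&ph, img + eh.e_phoff + i * eh.e_phentsize, sizeof ph);
        if (ph.p_type == PT_GNU_STACK && !(ph.p_flags & PF_X)) flags |= MIT_NX;
    }
    for (size_t i = 0; i + sizeof sym - 1 <= len; i++)  /* heuristic string scan */
        if (memcmp(img + i, sym, sizeof sym - 1) == 0) { flags |= MIT_CANARY; break; }
    return flags;
}

/* Constructed sample: header-only ELF64 image with a single PT_GNU_STACK entry. */
int sample_flags(int pie, int exec_stack, int canary)
{
    unsigned char buf[sizeof(Elf64_Ehdr) + sizeof(Elf64_Phdr) + 17] = {0};
    Elf64_Ehdr eh = { .e_type = pie ? ET_DYN : ET_EXEC, .e_phoff = sizeof(Elf64_Ehdr),
                      .e_phentsize = sizeof(Elf64_Phdr), .e_phnum = 1 };
    Elf64_Phdr ph = { .p_type = PT_GNU_STACK,
                      .p_flags = PF_R | PF_W | (exec_stack ? PF_X : 0) };
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_ident[EI_DATA] = ELFDATA2LSB;
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, &ph, sizeof ph);
    if (canary) memcpy(buf + sizeof eh + sizeof ph, "__stack_chk_fail", 17);
    return check_mitigations(buf, sizeof buf);
}

int main(void) { return sample_flags(1, 0, 1) == (MIT_NX | MIT_PIE | MIT_CANARY) ? 0 : 1; }
```

The canary check is a string heuristic: a stripped, statically linked binary can use a stack protector without containing the symbol name.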
Requirements
- Operating system: not limited
- One vulnerable library (or function), available within the attacked binary
Description
Step 1
(Enter these commands in the shell)
echo foo
echo bar
Step 2
Make sure to read
- War and Peace
- Lord of the Rings
- The Baroque Cycle
Courses
- Ausgewählte Kapitel der IT-Security SE (2019, 2020)