A vulnerability condition created by insecure coding methods, in which a program overruns the buffer's boundary and writes data into the adjacent memory space. Buffer overflows are used by attackers to gain unauthorized access to systems or data.
http://es.pcisecuritystandards.org
In programming and computer security, it is a type of vulnerability that affects software and is widely used to carry out attacks aimed at making the program perform the actions that the attacker, and not the program itself, wants. They are programming defects that cause an error or a system hang, but that are triggered intentionally.
By way of comparison, a buffer overflow causes something similar to what happens when we fill a glass beyond its capacity: it overflows and the contents spill. When the programmer does not include the measures needed to check the size of the buffer against the volume of data it has to hold, these data likewise spill over and are written over other points in memory, which can make the program produce errors or even hang.
The attacker calculates how much data he needs to send in order to know when the overflow will occur and where the data will be rewritten, and then achieves the overflow, in short, that the program executes the code he has sent.
Since this type of vulnerability arises from a defect in the program's code, it can only be resolved through updates or patches for the program in question, which makes it very necessary to keep all the programs installed on our computer up to date.
http://www.inteco.es/glossary/Formacion/Glosario/
A buffer is said to overflow when, in an uncontrolled way, on trying to put more data into it than fits, the excess spills into other areas of the system, causing damage and harm. Sometimes it is a mere accident with unpleasant consequences. Sometimes it is a planned attack that gives the attacker some advantage.
Memory overflows can be regarded as programming defects. Some languages prevent overflows from occurring, with more or less success; in other languages explicit precaution is required on the part of the programmer, who ends up being ultimately responsible for whether or not the system is vulnerable to this type of incident.
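The explicit precaution that C leaves to the programmer, shown as an added example (not taken from any of the glossaries quoted here): the same store written without and with a length check. The `record` layout, field names and sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PHONE_CAP 16

/* Constructed record: a fixed-size buffer followed by an unrelated field. */
struct record {
    char phone[PHONE_CAP];
    unsigned char is_admin;            /* sits right after the buffer */
};

/* No bounds check: the copy length comes from the input, not the buffer.
 * The write goes through the record's own bytes and is capped at the record
 * size, so the demonstration stays well-defined while showing the spill. */
static void store_unchecked(struct record *r, const char *input)
{
    size_t n = strlen(input) + 1;
    if (n > sizeof *r)
        n = sizeof *r;                 /* demo guard only */
    memcpy((unsigned char *)r, input, n);
}

/* Explicit precaution: compare length with capacity, reject excess input. */
static int store_checked(struct record *r, const char *input)
{
    size_t n = strlen(input);
    if (n >= sizeof r->phone)
        return -1;                     /* too long: nothing is written */
    memcpy(r->phone, input, n + 1);    /* includes the terminating NUL */
    return 0;
}

/* Value of the adjacent field after an unchecked store into a zeroed record. */
static int adjacent_after_unchecked(const char *input)
{
    struct record r;
    memset(&r, 0, sizeof r);
    store_unchecked(&r, input);
    return r.is_admin;
}

int main(void)
{
    const char *too_long = "01234567890123456789";   /* constructed, 20 bytes */
    struct record r;
    memset(&r, 0, sizeof r);
    int rc = store_checked(&r, too_long);
    printf("unchecked: is_admin = %d\n", adjacent_after_unchecked(too_long));
    printf("checked:   rc = %d, is_admin = %d\n", rc, r.is_admin);
    return 0;
}
```

With the unchecked store the seventeenth input byte lands in `is_admin`; with the checked store the oversized input is refused and the record is left untouched.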
(en) buffer overflow
A condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information. Attackers exploit such a condition to crash a system or to insert specially crafted code that allows them to gain control of the system. [CNSSI_4009:2010]
(I) Any attack technique that exploits a vulnerability resulting from computer software or hardware that does not check for exceeding the bounds of a storage area when data is written into a sequence of storage locations beginning in that area. [RFC4949:2007]
The result of a programming flaw. Some computer programs expect input from the user (for example, a Web page form might accept phone numbers from prospective customers). The program allows some virtual memory for accepting the expected input. If the programmer did not write his program to discard extra input (e.g., if instead of a phone number, someone submitted one thousand characters), the input can overflow the amount of memory allocated for it, and break into the portion of memory where code is executed. A skillful hacker can exploit this flaw to make someone's computer execute the hacker's code. Used interchangeably with the term, "buffer overrun."
http://www.watchguard.com/glossary/
Attack where a hacker exploits an unchecked buffer in a program to overwrite the program code. If the hacker overwrites the program code with new executable code, the hacker can change the program's operation. If the hacker enters other data, it usually causes the program to crash.
http://www.qtsnet.com/SecuritySolutions/security_glossary.html
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them.
A condition that results from adding more information to a buffer than it was designed to hold. An attacker may exploit this vulnerability to take over a system.
http://www.getsafeonline.org/
An exploitation technique that alters the flow of an application by overwriting parts of memory. Buffer Overflows are a common cause of malfunctioning software. If the data written into a buffer exceeds its size, adjacent memory space will be corrupted and normally produce a fault. An attacker may be able to utilize a buffer overflow situation to alter an application's process flow. Overfilling the buffer and rewriting memory-stack pointers could be used to execute arbitrary operating-system commands.
http://www.webappsec.org/projects/glossary/
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.
http://searchsoftwarequality.techtarget.com/glossary/
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them.
http://www.sans.org/security-resources/glossary-of-terms/
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attacker's choice.
Attack Execution Flow
· The attacker identifies a buffer to target. Buffer regions are either allotted on the stack or the heap, and the exact nature of attack would vary depending on the location of the buffer
· Next, the attacker identifies an injection vector to deliver the excessive content to the targeted buffer.
· The attacker crafts the content to be injected. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the attacker will craft a set of content that not only overflows the targeted buffer but does so in such a way that the overwritten return address is replaced with one of the attacker's choosing which points to code injected by the attacker.
· The attacker injects the content into the targeted software.
· Upon successful exploitation, the system either crashes or control of the program is returned to a location of the attacker's choice. This can result in execution of arbitrary code or escalated privileges, depending upon the exploited target.
Attack Pattern 100
http://capec.mitre.org/data/index.html
A vulnerability that is created by insecure coding methods, when a program overruns the buffer's limit and writes data into an adjacent memory space. Buffer overflows are used by attackers to gain unauthorized access to systems or data.
http://fr.pcisecuritystandards.org/
A system flaw caused by sending a buffer more information than it can hold. In some cases this allows behaviour not anticipated by the developers of the vulnerable program, which can lead to obtaining particular rights and privileges on the machine that hosts the vulnerable application.
http://www.cases.public.lu/functions/glossaire/
A classic attack that consists of exploiting poor management of the memory stack (reserving and releasing memory areas) in a program.
The malicious person deliberately sends too much information into a specific field or variable, causing an overrun of the memory area allocated to that variable. The malicious person can then obtain elevated access rights (e.g. root) or place malicious executable code in the overflowed memory area.
http://securit.free.fr/glossaire.htm