Thy Buffer Runneth Over

What exactly is a buffer overflow?  To answer this question, we have to understand a little bit about how computer programs use memory.  A computer program consists of two things: 1)  A set of instructions, and 2) A set of data that those instructions will operate on.  Normally, all of the instructions are loaded into memory when the program starts.  Data comes in from some input source, either disk, a user interface, or the Internet, and gets stored in memory temporarily so that the computer instructions can use it.  Finally there is some output data, which is created within memory and then moved to an output device, which again may be a disk file, a user display screen, or the Internet.

The program has to arrange for a place within the available memory to store the data.  You might think of computer memory as a plot of land, with different sections separated by fences.  The computing instructions go into one fenced-off area.  From there, they direct the data into, and out of, a different fenced-off area, or “corral”.  So what happens if some of the data decides to jump the fence and trample all over the instructions?

Luckily, data doesn't have a mind of its own.  But, suppose your program doesn't have a very good fence.  Or, suppose the programmer drew a line in the dirt where the fence was supposed to go, but forgot to actually build it.  Then, suppose you get some data coming in that doesn't fit inside the corral.  It's going to overflow right into the instruction area. 

If this happens by accident, the most likely outcome is that the program will either freeze or just crash.  There's also a chance that nothing strange would happen, if the data overwrites some instructions that are not going to be used.  But there's also a slim chance that the data might be interpreted as program instructions, and cause the program to do something it’s not supposed to.

Enter the hacker.  If someone knows enough about the structure of a program and the operating system it is running on, they can predict the "size of the corral" that is supposed to hold the data.  They can also tell the exact place in the program instructions where they could intercept the program flow.  Then, they can craft some input data that is bigger than it is supposed to be, but is just the right size to "jump the fence".  They add some special instructions in just the right place.  They send the data to your program, where it leaps into the program instruction area and takes control of your computer.
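To make the "fence drawn in the dirt" concrete, here is an added C illustration (not code from the original article): a fixed-size "corral" with a neighbouring field, one routine that copies input with no fence at all, and one that checks the input against the corral's size before storing it.  The struct, field names and sample inputs are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* The "corral": a fixed-size buffer with a neighbouring field that an
 * overflow would trample.  Constructed for this illustration; the
 * neighbour stands in for whatever sits next to the buffer in memory. */
#define CORRAL_SIZE 16

struct record {
    char corral[CORRAL_SIZE];   /* where the input is supposed to land */
    int  authorized;            /* a neighbour an overflow would overwrite */
};

/* The fence drawn in the dirt but never built: strcpy keeps writing for
 * as long as the input lasts, with no idea how big the corral is.
 * Shown only to contrast with the checked version below. */
void store_unchecked(struct record *r, const char *input)
{
    strcpy(r->corral, input);   /* no length check at all */
}

/* The fence actually built: look for the end of the input only within the
 * corral's bounds, refuse anything that does not fit, and leave the record
 * untouched on refusal.  Returns 0 on success, -1 if the input was rejected. */
int store_checked(struct record *r, const char *input)
{
    const char *end = memchr(input, '\0', CORRAL_SIZE);
    if (end == NULL)            /* no terminator within the fence: too long */
        return -1;
    memcpy(r->corral, input, (size_t)(end - input) + 1);  /* includes NUL */
    return 0;
}

int main(void)
{
    struct record r = { "", 0 };
    const char *ok  = "fits inside";                      /* constructed input */
    const char *big = "this one is much too long for it"; /* constructed input */

    printf("'%s' -> %d\n", ok,  store_checked(&r, ok));   /* 0: stored */
    printf("'%s' -> %d\n", big, store_checked(&r, big));  /* -1: rejected */
    printf("corral='%s' authorized=%d\n", r.corral, r.authorized);
    return 0;
}
```

The checked version is the patch-level discipline the article ends on: the buffer's size is known at the point where data enters it, and anything that does not fit is refused rather than allowed to spill into its neighbours.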

If this sounds scary, then I've succeeded!  It's easy to find instructions on the Internet to take advantage of buffer overflow vulnerabilities.  Websites like packetstormsecurity.org and exploit-db.com list updates on new vulnerabilities that are being discovered every day.  Hackers monitor these sites, but so do security professionals and software developers.  This is why it is vital to always keep up with the latest patches and security upgrades.  It's how you can keep your fences in good shape, and the data in the corral.

Andrew Nevens
InnerTag
407-949-0106
andrew@innertag.com
www.innertag.com 