Buffer overflow – also sometimes known as buffer overrun – is a bug or anomaly in the software which occurs when a program that is writing to buffer in memory, overshoots its allocated buffer space and ends up writing into an adjacent or nearby memory space (buffer).
Buffer overflows normally are just bugs in the software systems which really do not do any harm on their own.
If a buffer overflow exists in the software, the software would end up crashing itself and any software that uses the buffer it has overrun.
But in cases where buffer overflows are exploited maliciously, they may – and in most cases, do – end up resulting in a security breach. Most of the vulnerabilities that exist in the software across the globe are a result of some form of buffer overflow bugs.
Programs built using C and C++ languages are often prone to buffer overflow attacks as they do not have any built-in functions that provide error checking in regards to buffer overflows that may have been accidentally developed by the programmer due to some error in logic or to lack of manual error checking.
Hackers can trigger buffer overflows and rewrite parts of the buffer with instructions or small programs that may lead to the execution of malicious code, spawning of remote shells, deletion of system files, connection to remote systems and downloading of malware, remote control of the infected system, etc.
There are two basic techniques through which buffer overflows are exploited: stack-based exploitation and heap-based exploitation. Stack-based buffer overflows can trigger several methods of attacks.
Stack-based overflows may re-write the values of variables that are adjacent to the allocated buffer of the program and hence change the logic of the program. They may also target data that holds the return address and hence change the course of the execution of the program; or they may target the data stored in the register and change the course of the execution of the program in such a manner.
Buffer overflows based on heap exploitation function in an entirely different manner. Heaps are dynamically allocated spaces of memory and are typically known to contain program data. The heap-based exploitation occurs so that the internal program structures are overwritten, such as linked list pointers.
This method overwrites the linkage to the next instruction and hence ends up overwriting the program function pointer.More security questions & answers