orville
Hi!
Need advice from anyone on how to prevent Buffer Overflow
in Windows XP.
thanks.
Unless you are writing software, there is really nothing you can do to
prevent this. A Buffer Overflow is a vulnerability of software that is
written carelessly. All that you can do is keep your system up to date with
the latest software patches that will fix any of these bugs that are found.
What is a buffer overflow? Say that you want to collect somebody's zip code,
so you reserve a buffer of 5 characters. That buffer is just part of memory.
The memory around this buffer can be used for something else. One of the
things that is also stored in memory is the return address of a function -
which tells the program where to go to next when it is done doing what it is
working on now. So, you have this:
_ (5 character buffer)
_
_
_
_
_ (something else)
_
_
_
_ (return value of the function)
_
Now, normally a user will only put in 5 characters if they are asked for a
zip code, so you get:
1 (5 character buffer)
0
0
2
8
_ (something else)
_
_
_
_ (return value of the function)
_
If you don't check the user's input to be sure that it is only 5 characters,
then you have an unchecked buffer. Say, for example, that the user put in a
9 character zip code, you would have:
1 (5 character buffer)
0
0
2
8
0 (something else)
0
1
5
_ (return value of the function)
_
Now, you have written right over the top of (something else) - so, when the
program looks to find the value of (something else), they don't find what
was put there, they find what you wrote right on top of it. Yikes!
Enter the bad guy, who wants to do something evil (because he is a bad guy -
duh). He wants to run some code on your computer. He can keep on writing
past (something else) and directly to (return value of the function), thus
causing the code to go wherever this guy wants to, and all this bad guy had
to do was enter a zip code!
1 (5 character buffer)
0
0
2
8
0 (something else)
0
1
5
The memory address of the bad code I want to run (return value of the
function)
_
By doing nothing but typing, I have now taken control of your computer to do
what I want to do! Even worse, I could put the bad code I want to run
directly into the buffer if I want to, and then point to it.
But, it's not something you need to worry about if you don't write code -
you just need to keep your operating system and applications patched if a
buffer overflow is discovered in their code.
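
The input check described in the answer above, sketched in C as an added example (not part of the original posts). The struct layout and the function names are hypothetical, and the buffer is 6 bytes because a C string needs a terminating NUL after the 5 characters. The digit check goes one step beyond the length check the answer talks about.

```c
#include <stdio.h>
#include <string.h>

#define ZIP_LEN 5

/* Constructed layout mirroring the diagram: the buffer, then its neighbour. */
struct form {
    char zip[ZIP_LEN + 1];      /* 5 characters plus the terminating NUL */
    char something_else[5];     /* data that sits right after the buffer */
};

/* Unchecked version, shown for contrast and never called here: strcpy
 * copies until it finds a NUL in the input, however long that takes. */
void store_zip_unchecked(struct form *f, const char *input) {
    strcpy(f->zip, input);
}

/* Checked version: returns 0 and stores the value only when the input is
 * exactly 5 digits; returns -1 and writes nothing otherwise. */
int store_zip_checked(struct form *f, const char *input) {
    size_t n = 0;
    if (f == NULL || input == NULL)
        return -1;
    /* Look at no more than ZIP_LEN + 1 bytes, enough to detect "too long". */
    while (n <= ZIP_LEN && input[n] != '\0') {
        if (input[n] < '0' || input[n] > '9')
            return -1;
        n++;
    }
    if (n != ZIP_LEN)
        return -1;
    memcpy(f->zip, input, ZIP_LEN);
    f->zip[ZIP_LEN] = '\0';
    return 0;
}

int main(void) {
    struct form f = { "", "ABCD" };
    printf("10028     -> %d\n", store_zip_checked(&f, "10028"));
    printf("100280015 -> %d\n", store_zip_checked(&f, "100280015"));
    printf("stored zip: %s, neighbour: %s\n", f.zip, f.something_else);
    return 0;
}
```

The 9 character input from the diagrams is rejected before anything is copied, so both the stored zip code and the neighbouring field keep their earlier contents.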