
General Security Concepts: Attacks • Chapter 2  65

                 Software Exploitation and Buffer Overflows


                 Despite their best intentions, programmers make mistakes. These mistakes often
                 lead to weaknesses in the software that can be exploited through buffer overflows,
                 one of the most common ways for an attacker to gain access to a system. As the
                 name suggests, this is nothing more than an attack that writes too much data to a
                 program’s buffer. The buffer is an area of temporary memory used by the program
                 to store data or instructions. To create a buffer overflow attack, the attacker simply
                 writes too much data to that area of memory, overwriting what is there. This extra
                 data can be garbage characters, which would cause the program to fail; more
                 commonly, the extra data can be new instructions, which the victim computer will run.
                 An attacker can generally gain access to a system very quickly and easily through
                 buffer overflows. There are many examples of buffer overflow attacks. One
                 common buffer overflow attack was the Sasser worm, which caused problems in
                 networks during 2004. Sasser used a buffer overflow in the Windows Local Security
                 Authority Subsystem Service (LSASS) to infect a machine and then replicate to
                 neighboring machines. As is usually true, a recently patched or firewalled system
                 would not be vulnerable to the attack. Even more, Microsoft’s Windows Vista
                 includes a feature called ASLR (Address Space Layout Randomization), which
                 places system data areas like executables, libraries, and stacks in random places,
                 making it a lot more difficult for buffer overflow exploits to put code in a location
                 that will be executed.
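The following C program is an added illustration, not code from the book: it shows an unchecked copy writing past a fixed-size buffer into the data stored next to it, beside a bounds-checked version that rejects the same input. The `session` struct, the function names and the sample input are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 8

/* Constructed layout: a fixed-size buffer followed by data the program trusts. */
struct session {
    char name[NAME_LEN];
    unsigned char is_admin;
};
_Static_assert(offsetof(struct session, is_admin) == NAME_LEN, "flag follows buffer");

/* Constructed input: 8 filler bytes plus one extra byte (0x01). */
static const char OVERSIZED[] = "AAAAAAAA\x01";

/* Unchecked copy: trusts the caller's length, as strcpy() or gets() trust input.
 * The write is clamped to the struct so the demo stays defined C. */
static void set_name_unchecked(struct session *s, const char *in, size_t len) {
    if (len > sizeof *s) len = sizeof *s;      /* demo-only clamp */
    memcpy((char *)s, in, len);                /* bytes past name[] hit is_admin */
}

/* Checked copy: reject anything that does not fit, keep room for the NUL. */
static int set_name_checked(struct session *s, const char *in, size_t len) {
    if (len >= NAME_LEN) return -1;
    memcpy(s->name, in, len);
    s->name[len] = '\0';
    return 0;
}

/* Returns the flag after the unchecked copy: 1 means adjacent data was overwritten. */
int flag_after_unchecked(void) {
    struct session s = { {0}, 0 };
    set_name_unchecked(&s, OVERSIZED, sizeof OVERSIZED - 1);
    return s.is_admin;
}

/* Returns the flag after the checked copy, or -1 if the input was wrongly accepted. */
int flag_after_checked(void) {
    struct session s = { {0}, 0 };
    if (set_name_checked(&s, OVERSIZED, sizeof OVERSIZED - 1) == 0) return -1;
    return s.is_admin;
}

int main(void) {
    printf("unchecked: is_admin=%d\n", flag_after_unchecked());
    printf("checked:   is_admin=%d\n", flag_after_checked());
    return 0;
}
```

The length check in `set_name_checked` is the fix at the source; ASLR, as described above, only makes a successful overflow harder to turn into code execution.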



                 TEST DAY TIP
                      For the test you do not need to know exactly how a buffer overflow
                      works, only what a buffer overflow is and what its inherent risks are.
                      We recommend that security practitioners have a good understanding
                      of overflows, as they are very common. For more information on buffer
                      overflows, see Chapter 8 of Hack Proofing Your Network, Second
                      Edition (Syngress Publishing, ISBN: 1-928994-70-9).




                    Another type of software exploitation is found in a program’s failure to deal
                 with unexpected input. When a program asks a user for input, it looks for a certain
                 response. A basic example of this would be if you were to use a program that asked
                 you to choose either Option 1 or Option 2. You would generate unexpected input
                 if you were to enter a 3. Most programs will catch this error and tell you that you



                                                                              www.syngress.com