All about Buffer Overflows Articles / Tutorials Posted by Admin on Dec 08, 2005 - 03:55 AM |
|
A buffer overflow is the equivalent of lobbing a softball with a message on it at someone. They in turn catch it, read it, and throw it in a bin that it belongs in, depending on the message. Ok. Now you start throwing them faster and faster. Then 5 of your friends come and do the same thing. The person catching them can't read them all so he drops some in a bin by his feet to do when you and your friends arms get tired. The thing is, 3 more friends show up, and the bin overflows and softballs begin spilling all over the place. The guy panics and tries to grab as many as he can, because he is under the impression that they all have a very important message. Now that his back is turned, you go to one of the bins and mess with some of the messages that were on the softballs, or maybe you sneak up behind him and give him a wedgie, or flick him in the nuts... it's up to you. ============================== buffer overflows (for adults) ============================== A buffer overflow is a stack/memory error in software that allows you to run a malicious program. The stack is used to hold temp data for the process and helps the processor implement more advanced programming kinda like RAM with an executatble option. The stack area becomes bigger as data is pushed into it and smaller as data leaves. It is called a stack because it works in the LIFO (last in, first out) way. A buffer overflow is when you "overflow" or overwhelm this memory, and thats how it works... I'll try to explain better. You send a program requesting too much information. The data should include two componants: 1. one that crashes the application 2. one that's a program that points to a prog that you'd like to run. When the application crashes due to the first component, the operating system will execute the second. I hope that helps you out. You have a really nice article explaining more here: http://www.governmentsecurity.org/articles/IntroductiontoBufferOverflo w.php You may also want to check out "smashing the stack for fun and profit" |
|
This article is from SecurityAlertz http://www.securityalertz.com/ The URL for this story is: http://www.securityalertz.com/modules.php?op=modload&name=News&file=article&sid=1426 |