Buffer Overflow

In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a process stores data in a buffer outside the memory the programmer set aside for it. The extra data overwrites adjacent memory, which may contain other data, including program variables and program flow control data. This may result in erratic program behavior, including memory access errors, incorrect results, program termination (a crash), or a breach of system security.

Buffer overflows can be triggered by inputs that are designed to execute code, or alter the way the program operates. They are thus the basis of many software vulnerabilities and can be maliciously exploited. Bounds checking can prevent buffer overflows.

Programming languages commonly associated with buffer overflows include C and C++, which provide no built-in protection against accessing or overwriting data in any part of memory and do not automatically check that data written to an array (the built-in buffer type) is within the boundaries of that array.

Consider this:

Consider a program that, when run, has 20 memory spaces set aside for it by the computer. The program takes in some input, and if it is not coded correctly, that input can overflow. If the programmer only expects the input to be about 10-20 characters, he will set the expected memory usage (the buffer) to 20 characters. An exploiter who knows this puts in a string of 30 characters, and the sector of memory designated for the program is now overwritten with whatever the hacker wants. Usually that is shell code that lets the attacker control the computer or server remotely.
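The 20-character buffer scenario above, written out as an added C example that is not part of the original article: an unchecked copy (the vulnerable pattern) beside a bounds-checked copy that rejects the 30-character input instead of letting it spill past the buffer. BUF_SIZE, copy_unchecked, copy_checked, overflow_bytes and fits_in_buffer are names chosen here, and the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 20  /* the "20 memory spaces" set aside in the text */

/* Vulnerable pattern: strcpy copies until the NUL terminator of src and
 * never consults the size of dest. A src longer than BUF_SIZE-1 bytes
 * writes past the end of the buffer into whatever lies next in memory. */
void copy_unchecked(char *dest, const char *src) {
    strcpy(dest, src);           /* no bounds check: the overflow happens here */
}

/* Hardened form: refuse input that does not fit, terminator included.
 * Returns 0 on success, -1 when the input was rejected. */
int copy_checked(char *dest, size_t dest_size, const char *src) {
    size_t len = strlen(src);
    if (dest_size == 0 || len >= dest_size) {
        return -1;               /* would overflow: reject rather than truncate silently */
    }
    memcpy(dest, src, len + 1);  /* len + 1 copies the NUL terminator too */
    return 0;
}

/* How many bytes an input of length len would write beyond a buffer of
 * dest_size bytes (0 if it fits). Used only to report the overflow. */
size_t overflow_bytes(size_t dest_size, size_t len) {
    size_t needed = len + 1;     /* payload plus terminator */
    return needed > dest_size ? needed - dest_size : 0;
}

/* Exercises copy_checked against a BUF_SIZE buffer without the caller
 * having to own one; returns copy_checked's result. */
int fits_in_buffer(const char *src) {
    char buf[BUF_SIZE];
    return copy_checked(buf, sizeof buf, src);
}

int main(void) {
    char buf[BUF_SIZE];
    /* constructed sample inputs: one that fits, one of 30 bytes that does not */
    const char *short_input = "hello";
    const char *long_input  = "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA";

    if (copy_checked(buf, sizeof buf, short_input) == 0)
        printf("accepted: %s\n", buf);

    if (copy_checked(buf, sizeof buf, long_input) != 0)
        printf("rejected: %zu byte(s) would spill past the buffer\n",
               overflow_bytes(sizeof buf, strlen(long_input)));

    /* copy_unchecked(buf, long_input) would write those bytes over the
     * neighbouring memory; it is deliberately not called here. */
    return 0;
}
```

The check uses `len >= dest_size` rather than `>` because the terminating NUL needs a byte of its own: a 20-byte buffer holds at most 19 characters, so a 20-character input is already one byte too many.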

Example of a string of shell code used to list files on a *NIX system, in the programming language C:

char shellcode[] =
    "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
    "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
    "\x80\xe8\xdc\xff\xff\xff/bin/ls";

Buffer overflows are the most commonly used exploit against a server because most programmers don't take the "cracking" factor into account. Many crackers therefore use them to gain access to servers and execute any code they wish, all of it done remotely.