In data security and programming, a buffer overflow or buffer overrun is an anomaly found an application due to which a program while writing information to a buffer, overruns the buffer’s boundary. The buffer is the temporary storage allocated to an application to store data. The application overwrites the adjacent memory locations. There are many web application, the programs are stored in an undersized stack buffer. The attacker can send data to the programs and he can overwrite the information on the stack, including the function’s return pointer. An attacker uses the buffer overflow attack to corrupt the execution stack of the victim server. The applications that use the graphics library to render images are vulnerable to this vulnerability. The applications that use interpreters like Java and python are immune to buffer overflow attack.
There are two types of buffer overflow attack:-
In heap-based buffer overflow attack, the attacker floods the server’s memory to hang the execution of the programs. This type of buffer overflow is least used among attacks. The stack-based buffer overflow is commonly used among attacks to attack a server. In this type of buffer overflow attack, the application calls the stack outside the intended data structure. This cause the program to use more memory than the allocated space. Using stack-based buffer overflow attack, the attacker can also perform stack smashing attack.
Using this vulnerability, an attacker can:-
Beagle recommends the following fixes:-