Buffer Overrun

Buffer overrun is a very common, very dangerous loophole, in all sorts of operating system and application software in the widespread. Use of buffer overflow attack, can lead to program running failure, system reboot, grind consequences. More seriously, can use it to perform unauthorized instructions, and even can be made system privileges, and then, various kinds of illegal operations.

Buffer overrun attacks have DuoZhong English name: buffer overrun, smash, buffer is the stack, the stack, the trash scribble stack, mangle the stack, leak, overrun with memory screw; They refer to what is the same kind of attack means. The first buffer overflow attack-Morris worms, happened in twenty years ago, it has caused the world more than 6000 sets of web server paralyzed.

concept

Buffer overrun is when computer to the buffer filled with data figures in more than the capacity of the overflow of buffer itself data in the data covered legal, the ideal situation is not allowed to check the data length program more than the length of the input buffer characters, but most of the program will be always with the assumption that data length distribution of storage space, this match for buffer overflow buried hidden trouble. The operating system used by the buffer is known as the "stack". In each operation process, the instruction will be between the temporary storage in "stack", "stack" of also can appear buffer overflow.

harm

In the current network and a distributed system security, is used more than 50% of all is buffer overflow, one of the most famous example is 1988 fingerd use the vulnerability of the worms. And buffer overflow, the most dangerous is the stack overflow, because the invaders can use stack overflow, in function returns change to return to a program's address, let the jump to any address, the harm is a program collapse that refused to service, additionally one kind is to jump and perform a malicious code, such as shells, and then get to do.