Is Your Buffer Overflowing?
A W2KNews reader wrote last week to ask that we give a little
background on what a buffer overflow is and how it is used to
enable virus or Trojan attacks. To fully understand how these
attacks work, you need some programming knowledge, but here's
the short form: A buffer is a holding place in memory where data
is stored temporarily. It's created by the programmer so that
different processes that operate at different speeds can work
together without one impeding the operation of the others. The
program will allocate a specified amount of memory for the
buffer. If a process tries to put more data in the buffer than
is allocated, you get an overflow. When that happens, the extra
data can overwrite data in other buffers that are adjacent in
memory to the overflowing one. If the adjacent area in memory is
one that holds program instructions, the extra data can
overwrite the instructions with new ones.
Buffer overflows can be intentionally created by hackers, who
include in the extra data code that provides malicious
instructions to the computer that's the target of the attack.
Our reader also asked why this type of error is so prevalent in
Microsoft products. Actually, buffer overflow vulnerability is
not limited to Windows or any specific platform. The real
culprit is the C programming language. UNIX and Linux are also
subject to buffer overflows and thus to attacks that exploit
them. In fact, a Google search on "buffer overflow attacks"
turns up numerous articles related to non-Microsoft operating
systems. One of the first famous attacks that used a buffer
overflow (of the UNIX service called "finger") was the Internet
Worm of 1988.