
Database System Concepts, 7th Edition
ISBN: 9780078022159
Author: Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher: McGraw-Hill Education
Chapter 1: Introduction
Section: Chapter Questions
Problem 1PE
Question

What is a buffer overflow, and how is it used against a Web server?

Expert Solution
Step 1

A buffer overflow occurs when a program tries to write too much data into a fixed-length block of memory (a buffer). Buffer overflows can be used by attackers to crash a web-server or execute malicious code. If your web-server is vulnerable to buffer overflow attacks, it is only a matter of time until a hacker injects code and takes control of your system.

Risks

Prevalence: rare
Exploitability: moderate
Impact: devastating

Buffer Overflows in C and C++

Buffer overflows in C and C++ arise when you use unsafe functions that do not check the length of data being written to a buffer. If you write C or C++ code, make sure to use the following secure equivalent functions:

Insecure Function    Secure Alternative
gets()               fgets()
strcpy()             strncpy()
strcat()             strncat()
sprintf()            snprintf()

Buffer Overflows in the Applications You Use

It's pretty rare for web-developers to write low-level code in languages like C or C++, so the biggest risk of buffer overflows for most of us is in the applications we use.

Web Servers

Most websites are deployed using a web server to serve static content. (This is distinct from the application server that executes dynamic content.) The three most common web-servers are:

  • Apache HTTP Server
  • Microsoft Internet Information Services (IIS)
  • Nginx

Each of these has been found to be vulnerable to buffer overflows at different times. Web-server vendors are very quick to patch vulnerabilities, so the key to keeping yourself secure is deploying security patches as soon as they become available.

Operating Systems and Language Runtimes

Buffer overflow attacks have been launched against websites by taking advantage of vulnerabilities in operating systems and language runtimes. The Heartbleed attack took advantage of a serious vulnerability in the OpenSSL cryptographic software library that Linux-based web-servers use to encrypt SSL/TLS traffic. Similarly, security researchers have discovered vulnerabilities in various functions in the PHP runtime which allow attackers to launch buffer overflow attacks remotely by crafting malicious input.
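The function table in the answer above lists the secure alternatives, but each of them has a detail that trips people up when it is treated as a drop-in replacement: strncpy() does not NUL-terminate the destination when the source fills it, strncat()'s count is the room left in the buffer rather than the buffer size, and snprintf() reports truncation only through its return value. The following C code is an added example (not part of the original answer, and not from any library); the function names copy_unbounded, copy_bounded, append_bounded, format_bounded and read_line_bounded are this example's own. It shows the unsafe strcpy() pattern as the "before" and then each safe function used correctly, with every bounded helper returning whether input was truncated so a caller can reject oversized data instead of silently cutting it.

```c
/* Added example: the unsafe-to-safe substitutions from the table above,
 * written so each safe variant is used correctly. All names here are
 * this example's own. */
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* The vulnerable "before": strcpy() copies strlen(src)+1 bytes no matter
 * how big dst is. Kept only to show the pattern; main() calls it with
 * input that fits, it is never fed oversized data here. */
static void copy_unbounded(char *dst, const char *src) {
    strcpy(dst, src);
}

/* Hardened strcpy(): strncpy() never writes past dstsize bytes, but it
 * does NOT add a terminator when src is dstsize bytes or longer, so the
 * terminator is written by hand. Returns true if src was truncated. */
static bool copy_bounded(char *dst, size_t dstsize, const char *src) {
    if (dstsize == 0) return true;
    strncpy(dst, src, dstsize - 1);
    dst[dstsize - 1] = '\0';
    return strlen(src) >= dstsize;
}

/* Hardened strcat(): strncat()'s third argument is how many bytes may be
 * appended, not the size of dst, so it is computed from the remaining room.
 * strncat() always NUL-terminates. Returns true if src was truncated. */
static bool append_bounded(char *dst, size_t dstsize, const char *src) {
    size_t used = strlen(dst);
    if (used + 1 >= dstsize) return true;      /* no room left at all */
    size_t room = dstsize - used - 1;
    strncat(dst, src, room);
    return strlen(src) > room;
}

/* Hardened sprintf(): snprintf() takes the full buffer size and returns
 * the length the output would have had, so a return value of dstsize or
 * more means the result was cut off. */
static bool format_bounded(char *dst, size_t dstsize, const char *name) {
    int needed = snprintf(dst, dstsize, "Hello, %s!", name);
    return needed < 0 || (size_t)needed >= dstsize;
}

/* Hardened gets(): fgets() reads at most dstsize-1 bytes and keeps the
 * newline, which is stripped here. Returns false on EOF or read error. */
static bool read_line_bounded(char *dst, size_t dstsize, FILE *in) {
    if (fgets(dst, (int)dstsize, in) == NULL) return false;
    dst[strcspn(dst, "\n")] = '\0';
    return true;
}

int main(void) {
    char buf[8];

    copy_unbounded(buf, "ok");           /* fits, so this call is safe */
    printf("unbounded copy: %s\n", buf);

    /* Constructed oversized input: 8 characters into an 8-byte buffer. */
    bool cut = copy_bounded(buf, sizeof buf, "exactly7");
    printf("bounded copy: \"%s\" truncated=%d\n", buf, cut);

    strcpy(buf, "abc");
    cut = append_bounded(buf, sizeof buf, "defghij");
    printf("bounded append: \"%s\" truncated=%d\n", buf, cut);

    cut = format_bounded(buf, sizeof buf, "Alexander");
    printf("bounded format: \"%s\" truncated=%d\n", buf, cut);
    return 0;
}
```

A server that keeps the truncated value silently (for example, a shortened path or header) can still misbehave, so the sensible policy is to treat a true return value as an input-validation failure and reject the request.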
