What occurs when a process attempts to store data in RAM beyond the boundaries of a fixed length storage buffer?

Security + | Chapter 3 Terms (Application and Network Attacks)

Programs that provide additional functionality to Web browsers.

Address Resolution Protocol (ARP)

Part of the TCP/IP protocol for determining the MAC address based on the IP address.

An attack that corrupts the ARP cache.

Files that are coupled to e-mail messages.

An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer.

An attack that targets vulnerabilities in client applications that interact with a compromised server or processes malicious data.

A file on a local computer in which a server stores user-specific information.

Injecting and executing commands to execute on a server.

Cross-Site Scripting (XSS)

An attack that injects scripts into a Web application server to direct attacks at clients.

An attack that attempts to prevent a system from performing its
normal functions.

An attack that takes advantage of a vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories.

Distributed Denial of Service (DDoS)

An attack that uses multiple zombie computers (even hundreds or thousands) in a botnet to flood a device with requests.

An attack that substitutes DNS addresses so that the computer is
automatically redirected to another device.

A hierarchical name system for matching computer names and numbers.

A cookie named after the Adobe Flash player.

A list of the mappings of names to computer numbers.

Part of HTTP that is composed of fields that contain the different
characteristics of the data that is being transmitted.

Modifying HTTP headers to create an attack.

An attack that intercepts legitimate communication and forges a fictitious response to the sender.

Persistent Cookie (tracking cookie)

A cookie that is recorded on the hard drive of the computer and does not expire when the browser closes.

A utility that sends an ICMP echo request message to a host.

An attack that uses the Internet Control Message Protocol (ICMP) to flood a victim with packets.

An attack that exploits a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining.

An attack that makes a copy of the transmission before sending it to the recipient.

A cookie that is only used when a browser is visiting a server using a secure connection.

A cookie that is stored in Random Access Memory (RAM), instead of on the hard drive, and only lasts for the duration of visiting a Web site.

An attack in which an attacker attempts to impersonate the user by using his session token.

A form of verification used when accessing a secure Web application.

Impersonating another computer or device.

An attack that targets SQL servers by injecting commands to be manipulated by the database.

An attack that takes advantage of the procedures for initiating a TCP session.

A cookie that was created by a third party that is different from the primary Web site.

An attack involving using a third party to gain access rights.

XML (Extensible Markup Language)

A markup language that is designed to carry data instead of indicating how to display it.

An attack that injects XLM tags and data into a database.

Attacks that exploit previously unknown vulnerabilities, so victims have no time (zero days) to prepare or defend against the attacks.

148.7k views

App SecurityEssentialsThreats

Buffers are memory storage regions that temporarily hold data while it is being transferred from one location to another. A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the storage capacity of the memory buffer. As a result, the program attempting to write the data to the buffer overwrites adjacent memory locations.

For example, a buffer for log-in credentials may be designed to expect username and password inputs of 8 bytes, so if a transaction involves an input of 10 bytes (that is, 2 bytes more than expected), the program may write the excess data past the buffer boundary.

Buffer overflows can affect all types of software. They typically result from malformed inputs or failure to allocate enough space for the buffer. If the transaction overwrites executable code, it can cause the program to behave unpredictably and generate incorrect results, memory access errors, or crashes.

What occurs when a process attempts to store data in RAM beyond the boundaries of a fixed length storage buffer?

Buffer overflow example

What is a Buffer Overflow Attack

Attackers exploit buffer overflow issues by overwriting the memory of an application. This changes the execution path of the program, triggering a response that damages files or exposes private information. For example, an attacker may introduce extra code, sending new instructions to the application to gain access to IT systems.

If attackers know the memory layout of a program, they can intentionally feed input that the buffer cannot store, and overwrite areas that hold executable code, replacing it with their own code. For example, an attacker can overwrite a pointer (an object that points to another area in memory) and point it to an exploit payload, to gain control over the program.

Types of Buffer Overflow Attacks

Stack-based buffer overflows are more common, and leverage stack memory that only exists during the execution time of a function.

Heap-based attacks are harder to carry out and involve flooding the memory space allocated for a program beyond memory used for current runtime operations.

What Programming Languages are More Vulnerable?

C and C++ are two languages that are highly susceptible to buffer overflow attacks, as they don’t have built-in safeguards against overwriting or accessing data in their memory. Mac OSX, Windows, and Linux all use code written in C and C++.

Languages such as PERL, Java, JavaScript, and C# use built-in safety mechanisms that minimize the likelihood of buffer overflow.

How to Prevent Buffer Overflows

Developers can protect against buffer overflow vulnerabilities via security measures in their code, or by using languages that offer built-in protection.

In addition, modern operating systems have runtime protection. Three common protections are:

  • Address space randomization (ASLR)—randomly moves around the address space locations of data regions. Typically, buffer overflow attacks need to know the locality of executable code, and randomizing address spaces makes this virtually impossible.
  • Data execution prevention—flags certain areas of memory as non-executable or executable, which stops an attack from running code in a non-executable region.
  • Structured exception handler overwrite protection (SEHOP)—helps stop malicious code from attacking Structured Exception Handling (SEH), a built-in system for managing hardware and software exceptions. It thus prevents an attacker from being able to make use of the SEH overwrite exploitation technique. At a functional level, an SEH overwrite is achieved using a stack-based buffer overflow to overwrite an exception registration record, stored on a thread’s stack.

Security measures in code and operating system protection are not enough. When an organization discovers a buffer overflow vulnerability, it must react quickly to patch the affected software and make sure that users of the software can access the patch.

How Imperva Helps Mitigate Buffer Overflow Attacks

The Imperva security solution is deployed as a gateway to your application and provide out-of-the-box protection for buffer overflow attacks. It does so by blocking illegal requests that may trigger a buffer overflow state, preventing them from reaching your applications.

In addition to protecting against buffer overflow attacks, Imperva provides multi-layered protection to make sure websites and applications are available, easily accessible and safe. The Imperva application security solution includes:

  • DDoS Protection—maintain uptime in all situations. Prevent any type of DDoS attack, of any size, from preventing access to your website and network infrastructure.
  • Web Application Firewall—permit legitimate traffic and prevent bad traffic. Safeguard your applications on-premises and at the edge with an enterprise‑class cloud WAF.
  • Bot Management– get full visibility and control over human, good bot, and bad bot traffic to your website and API.
  • Account Takeover Protection—uses an intent-based detection process to identify and defends against attempts to take over users’ accounts for malicious purposes.
  • API Security—protects APIs by ensuring only desired traffic can access your API endpoint, as well as detecting and blocking exploits of vulnerabilities.
  • RASP—keep your applications safe from within against known and zero‑day attacks. Fast and accurate protection with no signature or learning mode.
  • Attack Analytics—mitigate and respond to real security threats efficiently and accurately with actionable intelligence across all your layers of defense.