nullcon 2011 - buffer underrun exploits

By Saurabh Sharma & Chinmaya Kamal(SETLabs, Infosys)

http://null.co.in/ http://nullcon.net/Saurabh & Chinmaya

● Buffer overflow attacks

● Cookie prevention

● Buffer Under Run Attacks

Saurabh & Chinmaya

•In some languages like C, boundchecking mechanisms are notimplemented. When the input data whichis used to fill the buffer is greater thanthe size of the allocated buffer, othervalues in the stack get overwritten. If theattacker designs this input carefully, hecan overwrite the return address with theaddress of his will. This address maypoint to some custom code, can be amalicious shell code. These attacks areknown as buffer overflow attacks.

•Buffer overflow attacks are caused when the buffers such as arraysare filled without the proper bound checking.

Saurabh & Chinmaya

Saurabh & Chinmaya

Saurabh & Chinmaya

Saurabh & Chinmaya

Saurabh & Chinmaya

Saurabh & Chinmaya

Demo

Saurabh & Chinmaya

Saurabh & Chinmaya

•PHP5 Space Trimming Buffer Under Flow (Header(), MacOSX)

Saurabh & Chinmaya

Thank You

Saurabh & Chinmaya