What is a buffer overflow?
A buffer overflow is a flooding of a buffer with too large amounts of data. This can compromise or damage neighboring data. It is a serious security issue.
Buffers are temporary stores that keep data used by a program or software available and quickly accessible. The software itself informs the operating system of the corresponding need.
The OS then has the task of reserving the corresponding buffer; this is primarily implemented using physical or virtual main memory. A buffer overflow occurs when too much data is sent to the buffer. Its volume is not sufficient to absorb the information.
The consequences of a buffer overflow
A buffer overflow has the following consequences:
- The required program probably crashes because the required information is missing.
- The surplus data is stored in the adjacent buffer.
- Here, data records are compromised (that is, they can no longer be accessed and attacked).
- Other data records in the neighboring buffers are permanently damaged by the flooding.
Buffer overflow as a security risk
The problem with a buffer overflow is, put simply, that the system does not know how to deal with it, since such an event should not take place according to its own logic. Finally, a notification of demand and a corresponding reservation of storage space in the buffer took place. The scenario that too much information flows is actually ruled out.
This fact already indicates why the process represents a serious security risk. The fact that a system cannot handle the overflow offers the possibility, among other things, of smuggling in malware. Accordingly, an overflow can be intentionally provoked. In the process, malicious code flows into the neighboring cache, which enables data theft, for example.
The best-known example comes from the year 2000. At that time there was a programming error in the Microsoft Outlook applications that led to a buffer overflow. In this way, e-mail viruses could penetrate the system even if the recipient of the message did not even open it. This was due to a bug in Outlook’s header recognition. The attack took place as soon as the subject of the message was scanned by the system.
Since then, buffer overflow attacks have increased. Applications written in the C programming language are particularly affected . This makes it particularly easy to get poorly written applications to overflow the buffer. Here it is possible that the software is made aware that the storage space is smaller than it actually is. This is why the operating system asks for a reservation that is too low and the disaster takes its course.
The accidental buffer overflow
Of course, not every buffer overflow is the result of a criminal attack. In many cases it is an oversight. Programming languages that cannot automatically monitor the boundaries of the individual memory areas are responsible for the most part in order to prevent flooding into neighboring buffers.
In addition to C, this also applies, for example, to the further development of C ++. The corresponding code must be entered manually here. The Pascal languages, on the other hand, have a corresponding security precaution, for example.