Network World

Buffer overflow

A condition that develops when more data is written to a region of memory (a buffer) than the space assigned to it for a specific application or task can hold. Buffer overflows, usually caused by sloppy coding, were once mainly an inconvenience. Today, however, hackers attempt to exploit them either to crash a target machine or to run malicious code on it; worms, for example, commonly spread this way.

The data sent in an attack usually consists of three elements:

Arbitrary filler strings to achieve the overflow. By trial and error, the author of the buffer overflow attack determines how much data is required to induce the overflow condition.

Exploit code. This is the program the hacker wants to run, usually something like a shell, so that he can in turn run any additional commands on the system.

A new return address. Instead of the saved return address leading back into the original calling function, a new return address is written that points to the start of the exploit code. When the function returns, the exploit code is executed.

As an example, suppose you have a program that asks you to input your Social Security number. In the U.S. this is, of course, a nine-digit number. But if the programmer performed no error checking on the input string, because he assumed the user would know what to enter, a hacker could input thousands of bytes of data to achieve the overflow condition. If the program being attacked is running in privileged mode (as root on Unix or as Administrator on Windows NT or 2000), the attack code inherits those privileges and has full rights to the system. The labor-intensive part of this exercise is finding where programs are vulnerable and what data is needed to cause the overflow.
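The Social Security number scenario above, as an added C example (not from the original entry): the unchecked copy that overflows a nine-digit buffer, beside a hardened version that validates length and content before anything is written. The function names, the buffer size and the sample inputs are constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

#define SSN_LEN 9              /* a U.S. Social Security number is nine digits */
#define SSN_BUF (SSN_LEN + 1)  /* plus the terminating NUL */

/* VULNERABLE: the scenario described in the entry. There is no length
 * check, so an input longer than nine characters runs past the end of
 * 'ssn' into whatever the compiler placed above it on the stack, including
 * the saved return address. Shown for contrast; never call it on untrusted
 * input (the behaviour is undefined). */
void copy_ssn_unchecked(char *ssn /* char[SSN_BUF] */, const char *input)
{
    strcpy(ssn, input);  /* copies until input's NUL, however far away that is */
}

/* Length scan that never looks past 'max' bytes, so an oversized input
 * cannot even be measured beyond what the buffer could accept. */
size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* HARDENED: validate, then copy. Returns true only for exactly nine ASCII
 * digits; on rejection 'ssn' is left untouched, so no part of an oversized
 * input ever reaches the buffer. */
bool copy_ssn_checked(char ssn[SSN_BUF], const char *input)
{
    size_t n = bounded_len(input, SSN_BUF);
    if (n != SSN_LEN)                 /* too short, or ten or more characters */
        return false;
    for (size_t i = 0; i < SSN_LEN; i++)
        if (input[i] < '0' || input[i] > '9')
            return false;
    memcpy(ssn, input, SSN_LEN);
    ssn[SSN_LEN] = '\0';
    return true;
}

/* The check a reviewer applies to any strcpy-style copy: does an input of
 * this length, plus its NUL, fit in a buffer of this size? */
bool would_overflow(size_t input_len, size_t buf_size)
{
    return input_len + 1 > buf_size;
}

int main(void)
{
    char ssn[SSN_BUF];
    const char *good = "123456789";                     /* constructed sample */
    const char *oversized = "1234567890123456789012345"; /* constructed sample */
    printf("good input:      %s\n", copy_ssn_checked(ssn, good) ? ssn : "rejected");
    printf("oversized input: %s\n", copy_ssn_checked(ssn, oversized) ? ssn : "rejected");
    printf("strcpy of %zu bytes into %d-byte buffer overflows: %s\n", strlen(oversized),
           SSN_BUF, would_overflow(strlen(oversized), SSN_BUF) ? "yes" : "no");
    return 0;
}
```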
