Zero Day Exploitation using Buffer Overflow
Zero-day is a broad term for recently discovered security vulnerabilities that hackers can use to attack systems. The term “zero-day” refers to the fact that the vendor or developer has only just learned of the flaw, which means they have had “zero days” to fix it. A zero-day attack takes place when hackers exploit the flaw before developers have a chance to address it. In a zero-day attack, hackers can target vulnerabilities in a wide range of systems, including:
- Operating System
- Office Applications
- Open-Source Components & Applications, etc.
There are various sorts of zero-day vulnerabilities, including Remote Code Execution (RCE), SQL Injection, Command Injection, Server-Side Request Forgery (SSRF), Buffer Overflow (BOF), and many others.
In this article, we will go through the Buffer Overflow (BOF) vulnerability. A buffer overflow attack is a type of cyberattack that uses a buffer overflow vulnerability to write user-controlled data into memory. By providing more data than fits in the allotted memory block, the attacker can overwrite data in other sections of memory.
Attackers can use buffer overflow attacks for a variety of purposes, including overwriting critical code or data to crash the program, inserting malicious code to be run by the program, or manipulating critical variables to change the program’s execution flow. A buffer overflow attack can be carried out in a variety of ways, but two of the most common are:
- Stack-Based Buffer Overflow
- Heap-Based Buffer Overflow
A stack-based buffer overflow is a specific form of the more general programming flaw known as a buffer overflow. It happens when a program writes to a memory location on the program’s call stack outside of the intended data structure, which is usually a fixed-length buffer: the program puts more data into the stack buffer than the buffer’s allotted size.
Heap overflows are exploited differently from stack overflows: heap memory is dynamically allocated and typically contains program data. In a heap overflow, data is corrupted in specific ways to cause the application or program to overwrite internal structures such as linked-list references, pointers, etc. The canonical heap overflow technique overwrites dynamic memory allocation links (such as malloc metadata) and uses the resulting pointer overwrite to redirect a program function pointer.
You can avoid buffer overflow attacks by taking a few of the following measures:
- Conducting routine code audits, either with automated tools or manually.
- Using secure coding methods and safe functions such as strncat rather than strcat, strncpy rather than strcpy, and so on.
- Regularly applying patches to web servers and other servers, and keeping aware of issue reports pertaining to the programs on which your code depends.
- Periodically scanning your applications/programs with commonly available scanners that look for buffer overflow flaws.
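As an added example that is not from the original article, the strcpy pattern behind a stack-based overflow beside a bounded replacement in C. It handles the caveat behind the "strncpy rather than strcpy" advice: plain strncpy does not NUL-terminate when the source is too long, so the hardened copy terminates explicitly and reports truncation. All names (NAME_LEN, greet_unsafe, bounded_copy, greet_safe) are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* fixed-size stack buffer used by both variants */

/* Vulnerable pattern from the article: strcpy copies until the source's NUL,
 * so input longer than NAME_LEN - 1 bytes overruns the stack buffer and
 * clobbers what lies beyond it. Only safe if the caller checked the length. */
size_t greet_unsafe(const char *input)
{
    char name[NAME_LEN];
    strcpy(name, input);             /* no bounds check: the bug */
    return strlen(name);
}

/* Hardened copy: never writes past dst_size, always NUL-terminates (plain
 * strncpy does not when src is too long) and reports truncation so the caller
 * can reject the input. Returns 0 on success, -1 if src did not fit. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0) return -1;
    size_t len = strlen(src);
    if (len >= dst_size) {
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return -1;                   /* truncated: dst holds a prefix only */
    }
    memcpy(dst, src, len + 1);       /* includes the terminating NUL */
    return 0;
}

/* Safe counterpart of greet_unsafe: refuses oversized input up front and
 * builds the greeting with a length-checked snprintf. Returns 0 or -1. */
int greet_safe(const char *input, char *out, size_t out_size)
{
    char name[NAME_LEN];
    if (bounded_copy(name, sizeof name, input) != 0) return -1; /* rejected */
    int n = snprintf(out, out_size, "Hello, %s", name);
    return (n >= 0 && (size_t)n < out_size) ? 0 : -1;
}

int main(void)
{
    char out[32];                    /* constructed inputs: fits / too long */
    const char *inputs[] = { "Alice", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" };
    for (size_t i = 0; i < 2; i++)
        printf("%s -> %s\n", inputs[i],
               greet_safe(inputs[i], out, sizeof out) == 0 ? out : "rejected");
    return 0;
}
```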