Buffer OverflowBuffer Overflow

sailaja sailaja yagnavajhalayagnavajhala

• When we try to write a value to a When we try to write a value to a buffer which occupies more memory buffer which occupies more memory than it is actually assignedthan it is actually assigned

• Attckers uses this to write shell code Attckers uses this to write shell code to get privilages and change current to get privilages and change current execution path of the server.execution path of the server.

• Occurs when boundary values are Occurs when boundary values are not checked when copying a value to not checked when copying a value to stackstack

Used platforms and softwaresUsed platforms and softwares

• Windows XP operating systemWindows XP operating system

• FTP Serv-U4.1 versionFTP Serv-U4.1 version

• Gentoo Linux operating systemGentoo Linux operating system

• Ethereal version 0.10.0Ethereal version 0.10.0

Start the serverStart the server

Start running the program on attackers computer as shown bellow at Start running the program on attackers computer as shown bellow at the promptthe prompt

After the attcker gets command prompt she can get full After the attcker gets command prompt she can get full aceess rights to the server and the server stops as soon as it aceess rights to the server and the server stops as soon as it

gets attcked gets attcked

As the code executes cmd.exe file at the server the As the code executes cmd.exe file at the server the

administrator can stop further access by killing that processadministrator can stop further access by killing that process..

Ethereal trace showing the MDTM Ethereal trace showing the MDTM

command requestcommand request

Follow the TCP streamFollow the TCP stream

• This attack can be done on FTP serv-This attack can be done on FTP serv-U 3.x,4.x,5.0.U 3.x,4.x,5.0.

• Currently there are no patches Currently there are no patches available for this vulnerabilityavailable for this vulnerability

CountermeasuresCountermeasures

• Don’t use functions which doesn’t Don’t use functions which doesn’t check boundary valuescheck boundary values

• Invalidating instructions execution by Invalidating instructions execution by stackstack

• Using efficient tools which would Using efficient tools which would warn incase of inefficient function warn incase of inefficient function usage or when there is a change of usage or when there is a change of return address being performedreturn address being performed