An attacker manipulates a data buffer to change the execution flow of a
process to a sequence of events the attacker controls. Data buffers in
software applications provide storage space for external input. Buffer
attacks provide input the buffer cannot correctly handle. Buffer attacks are
distinguished in that the buffer space itself is the target of the attack,
rather than any code responsible for interpreting the content of the
buffer. In virtually all buffer attacks, the content that the user places in
the buffer is immaterial. Instead, most buffer attacks involve providing
more input than the buffer can store, which overwrites other program memory
or even the program stack with user-supplied input.
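The overwrite described above, shown as an added example that is not part of
the CAPEC entry: a store routine that never compares the input length with the
buffer capacity, beside one that does. The memory layout, the names BUF_CAP,
store_unchecked and store_checked, and the sample input are constructed for
illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_CAP   8     /* assumed capacity of the input buffer */
#define GUARD_LEN 8     /* adjacent program data that must not change */
#define GUARD     0xAA

/* Constructed model of process memory: the buffer is followed directly by
 * unrelated data. One array holds both, so every write here stays defined. */
static unsigned char mem[BUF_CAP + GUARD_LEN];
/* Constructed input; as the text says, its content is immaterial. */
static const unsigned char SAMPLE[] = "AAAAAAAAAAAA";   /* 12 bytes used */

static void reset(void) {
    memset(mem, 0, BUF_CAP);
    memset(mem + BUF_CAP, GUARD, GUARD_LEN);
}

/* Number of adjacent bytes that no longer hold their original value. */
static size_t guard_damage(void) {
    size_t n = 0;
    for (size_t i = 0; i < GUARD_LEN; i++)
        if (mem[BUF_CAP + i] != GUARD) n++;
    return n;
}

/* Flawed store: copies len bytes without comparing len to BUF_CAP.
 * The clamp to sizeof mem only keeps this model inside its own array. */
size_t store_unchecked(const unsigned char *in, size_t len) {
    reset();
    memcpy(mem, in, len > sizeof mem ? sizeof mem : len);
    return guard_damage();
}

/* Hardened store: input that does not fit is rejected before any write. */
int store_checked(const unsigned char *in, size_t len) {
    reset();
    if (in == NULL || len > BUF_CAP) return -1;
    memcpy(mem, in, len);
    return 0;
}

int main(void) {
    printf("unchecked, 12 bytes: %zu adjacent bytes overwritten\n",
           store_unchecked(SAMPLE, 12));
    int rc = store_checked(SAMPLE, 12);
    printf("checked,   12 bytes: result %d, %zu adjacent bytes overwritten\n",
           rc, guard_damage());
    return 0;
}
```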
Attack Prerequisites
The target must accept input provided by the attacker and store it in a
buffer.
Resources Required
The attacker must possess a programmatic means for supplying data to a buffer,
such as a compiled C exploit or a scripted exploit in Perl. Network buffer
overflows rely on connectivity of a protocol to deliver the payload.
Copyright 2009, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.