Monday, September 17, 2018

Word of the Day: buffer overflow

Word of the Day WhatIs.com
Daily updates on the latest technology terms | September 17, 2018
buffer overflow

A buffer overflow occurs when a program or process attempts to write more data to a buffer, a segment of memory reserved for temporary data storage, than the buffer can hold. The extra data overwrites whatever lies in the memory adjacent to the destination buffer (other variables, allocator metadata or, on the stack, the saved return address) unless the application checks the length of the data and flags or discards the excess.

Buffer overflows are categorized according to the location of the buffer in process memory; the two main types are stack-based and heap-based. The stack is a contiguous region of memory used to organize data associated with function calls, including function parameters, local variables and management information such as the saved frame pointer and the return address (the saved instruction pointer). Because a local buffer sits next to that return address, overflowing it is the classic way to redirect execution. The heap is a memory structure used to manage dynamic memory. Programmers use the heap to allocate memory whose size is not known at compile time, where the amount of memory required is too large to fit on the stack, or where the memory must outlive the function that allocated it. Overflowing a heap buffer corrupts neighbouring allocations and the allocator's own bookkeeping data.


Buffer overflow ranks high in the CWE/SANS Top 25 Most Dangerous Software Errors and is catalogued as CWE-120 ("Classic Buffer Overflow") in the Common Weakness Enumeration dictionary of weakness types. Techniques for exploiting buffer overflow vulnerabilities vary with the operating system, processor and programming language, but the goal is always the same: to corrupt a program's memory in order to subvert or take control of its execution.

Buffer overflow attacks work most often because applications fail to manage memory allocations and to validate input from clients or other processes. Applications written in C or C++ should avoid standard library functions that perform no bounds checking, such as gets, scanf with an unbounded %s conversion, strcpy and strcat, and instead use bounded alternatives (snprintf, explicit length checks followed by memcpy, or string classes that manage their own storage). Note that strncpy is not a complete fix: when the source fills the destination it writes no terminating NUL, and the next read of the string runs off the end of the buffer. User input and data from untrusted sources should always be validated to ensure they fall within the bounds of what is expected. Compiler and OS mitigations such as stack canaries, non-executable memory and address space layout randomization raise the cost of exploitation but do not remove the underlying defect.
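The C program below is an added example, not code from the WhatIs.com definition, illustrating the stack-based case described in the two passages above: a fixed-size local buffer filled first with the unbounded strcpy the text warns against, then the strncpy termination pitfall, then a hardened version that rejects oversized input before copying. The 16-byte buffer size, the function names and the greeting text are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not part of the original definition). Buffer size and
 * function names are illustrative assumptions. */

#define NAME_BUF 16                 /* room for 15 characters plus the NUL */

/* VULNERABLE (CWE-120): strcpy stops only at the source's NUL byte. A name
 * longer than 15 bytes runs past buf[] into whatever the compiler placed
 * next on the stack (other locals, the saved frame pointer, the return
 * address). Shown for the pattern only; never call it with untrusted input. */
void greet_unsafe(const char *name)
{
    char buf[NAME_BUF];
    strcpy(buf, name);              /* no bound on the copy */
    printf("Hello, %s\n", buf);
}

/* PITFALL: strncpy is often reached for as the "safe" replacement, but when
 * the source is at least sizeof dst bytes long it writes no terminating NUL,
 * so the next strlen/printf on dst reads past the end of the buffer.
 * Returns 1 if dst was left unterminated, 0 if it was terminated. */
int strncpy_leaves_unterminated(const char *src)
{
    char dst[NAME_BUF];
    strncpy(dst, src, sizeof dst);
    return dst[sizeof dst - 1] != '\0';
}

/* HARDENED: validate the input length before copying, copy with an explicit
 * bound, and bound the formatted output as well.
 * Returns 0 on success, -1 if the name or the output would not fit. */
int greet_safe(const char *name, char *out, size_t out_len)
{
    /* Look for the NUL within the first NAME_BUF bytes only, so a missing
     * terminator in the input cannot make us scan off the end of it. */
    const char *end = memchr(name, '\0', NAME_BUF);
    if (end == NULL)
        return -1;                  /* 16 or more characters: no room for NUL */
    size_t n = (size_t)(end - name);

    char buf[NAME_BUF];
    memcpy(buf, name, n);           /* n <= 15, so this cannot overflow buf */
    buf[n] = '\0';

    /* snprintf never writes more than out_len bytes and always terminates;
     * its return value tells us whether the output was truncated. */
    int written = snprintf(out, out_len, "Hello, %s", buf);
    if (written < 0 || (size_t)written >= out_len)
        return -1;
    return 0;
}

int main(void)
{
    char out[64];
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";   /* 32 bytes */

    greet_unsafe("Ada");            /* fits in 16 bytes: behaves normally */
    /* greet_unsafe(too_long); would write 17 bytes past buf[] and smash the stack */

    if (greet_safe(too_long, out, sizeof out) != 0)
        puts("rejected: name too long");
    if (greet_safe("Ada", out, sizeof out) == 0)
        puts(out);
    if (strncpy_leaves_unterminated(too_long))
        puts("strncpy left the buffer unterminated");
    return 0;
}
```

The safe path does the two things the text calls for: it checks the length of untrusted data against the buffer before touching it, and it only ever copies with an explicit bound. The rejection path is as important as the copy itself; silently truncating a name is a correctness bug, but copying it unchecked is a memory-safety bug.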

Quote of the Day


"We are still seeing a lot of the same techniques to hack applications as we have previously seen. For example, buffer overflows, along with poor coding still remain two of the biggest application security issues." -- David Smith

Learning Center


How do buffer overflow attacks work?
Home-grown apps are susceptible to buffer overflows, as are Windows and Linux apps. Part one of this two-part series shows how hackers can take control of your programs.


How can attackers exploit a buffer underflow vulnerability?

A vulnerability was recently discovered in the strongSwan open source VPN, and it caused a buffer underflow. Learn how attackers were able to exploit this vulnerability.


Spectre variant gives buffer overflow a new twist

New variants of the Spectre microprocessor bugs use buffer overflow-style attacks to run malicious code.


The unlikelihood of ‘IoT, secure by design,’ and what we can do about it

The 'secure by design' concept is a great idea in theory, but without automatic updates, IoT security will always be an issue. Minim's Alec Rooney discusses.


Understanding the exploit market: How data breaches happen

Applying the latest patches promptly is essential once you understand how data breaches happen and how the exploit market turns unpatched network and system vulnerabilities against you.


Quiz Yourself

What type of security attack vector exploits people's tendency to want to be helpful?

Answer

Stay in Touch

For feedback about any of our definitions or to suggest a new definition, please contact me at: mrouse@techtarget.com

Visit the Word of the Day Archives and catch up on what you've missed!


TechTarget, Whatis, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com

Copyright 2018 TechTarget. All rights reserved.
