Re: Needed info on Buffer/Boundary Overflow Attacks
From: 'ken'@FTUDate: 10/16/01
- Previous message: Bennett Todd: "Re: Syn Flood generator / Dos Attack generator"
- In reply to: Srikrishan Gaddam: "Re: Needed info on Buffer/Boundary Overflow Attacks"
- Next in thread: Blake R. Swopes: "RE: Needed info on Buffer/Boundary Overflow Attacks"
- Next in thread: leon: "RE: Needed info on Buffer/Boundary Overflow Attacks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <3BCC31A7.5090903@yahoo.com> Date: Tue, 16 Oct 2001 09:09:59 -0400 From: "'ken'@FTU" <franklin_tech_bulletins@yahoo.com> To: Srikrishan Gaddam <srikrishan@vsnl.com> Subject: Re: Needed info on Buffer/Boundary Overflow Attacks
Here is your answer.
It is based off the site listed below:
http://icat.nist.gov/icat_documentation.htm
'ken'
----------------
Input validation error
A vulnerability is characterized as an "Input validation error" if the
input being received by a system is not properly checked such that a
vulnerability is present that can be exploited by a certain input
sequence. This vulnerability type and its subcategories only apply to
input that is malicious or otherwise malformed. The "Input validation
error" label may appear by itself or in two other variations: "Input
validation error (Boundary overflow)" and "Input validation error
(Buffer overflow)". These two categories are discussed below.
Input validation error (Boundary overflow)
A vulnerability is characterized as a "Boundary overflow" when the input
being received by a system, be it human or machine generated, causes the
system to exceed an assumed boundary thereby causing a vulnerability.
For example, the system may run out of memory, disk space, or network
bandwidth. Another example is that a variable might reach its maximum
value and roll over to its minimum value. Yet another example is that
the variables in an equation might be set such that a division by zero
error occurs. Boundary overflow errors are a subset of the class of
input validation errors. While it could be argued that buffer overflow
(discussed next) is a type of boundary overflow error, we put buffer
overflow in a distinct category given its importance.
Input validation error (Buffer overflow)
A vulnerability is characterized as a "buffer overflow" if the
vulnerability is caused by input being received by a system that is
longer than the expected input length. If the system does not check for
this condition then the input buffer fills up and overflows the memory
allocated for the input. By cleverly constructing this extra input, an
attacker can cause the system to crash or even to execute instructions
on behalf of the attacker.
----------------
Srikrishan Gaddam wrote:
> Hi Ken,
>
> Yes to some extent I do agree with you that buffer overflow and boundary
> overflow are one and the same. But there is a little bit of difference
> according to the ICAT database classification, both of the errors they have
> classified as Input Validation Error.
> Here is the link for it:
> http://icat.nist.gov/icat.cfm
>
> So they gave there the description for these errors, but since I was wanted
> a technical procedure or a methodology by which the hackers both whitehat
> and the blackhat ones, exploit these errors.
>
> Thanks to all those who have replied to my posting.
>
> Regards,
> Srikrishan
>
>
> ----- Original Message -----
> From: "'ken'@FTU" <franklin_tech_bulletins@yahoo.com>
> To: "Pradeep Kumar" <pradeep.pillai@nexsi.com>
> Cc: "Srikrishan Gaddam" <srikrishan@vsnl.com>;
> <security-basics@securityfocus.com>
> Sent: Tuesday, October 16, 2001 3:35 AM
> Subject: Re: Needed info on Buffer/Boundary Overflow Attacks
>
>
>
>>First Address: My guess is that a buffer overflow and a boundry overflow
>>are the same. I looked through a number of references and did not see a
>>refernce to a boundry overflow. Perhaps you could site the source where
>>you found it and then we can dermine what the source is referring to.
>>
>>Second Address: A buffer overflow is a bug at the software application
>>level, not at the network level. So there is no real correlation between
>>SYNs and buffer overflows. If you are a programmer and would like to
>>understand computer security, I suggest reading Hack Proofing Your
>>Network published by Syngress. (Is this a plug to get my note posted?)
>>If you are a network admin I suggest Hacking Exposed 2nd Edition
>>published by Osborne. Both books are good but the technical focus is
>>different. I should note that the Buffer overflow chapter in Hack
>>Proofing Your Network is one of the best I've ever read. Hats off to
>>
> Hoglud.
>
>>'ken'
>>
>>Pradeep Kumar wrote:
>>
>>
>>>How does one detect this in the first place ? If there is a buffer
>>>
> overflow
>
>>>on a switch and I see a lot of half open connections , then it is
>>>understandably a " syn Attack" causing a buffer overflow. If not a Syn
>>>attack, how else can you cause buffer over flow.
>>>
>>>-----Original Message-----
>>>From: Srikrishan Gaddam [mailto:srikrishan@vsnl.com]
>>>Sent: Tuesday, October 09, 2001 12:12 AM
>>>To: security-basics@securityfocus.com
>>>Subject: Needed info on Buffer/Boundary Overflow Attacks
>>>
>>>
>>>Hi All,
>>>
>>>I've a small query to put to all the talented people out there on this
>>>
> list.
>
>>>Since I am new to the field of Security, I've not been able to
>>>
> understand
>
>>>the difference between Buffer Overflow and Boundary Overflow attacks:
>>>What are the factors that make them different?
>>>
>>>And second question is : what are the procedures or the methods that
>>>
> enable
>
>>>one to exploit these kinds of vulnerabilities. I am also wondering
>>>
> whether
>
>>>these methods will all be similar in nature in the sense that all these
>>>procedures/methods should be of same kind.
>>>
>>>Thanks in advance,
>>>
>>>Srikrishan Gaddam
>>>
>>>
>>>
>>>
>>
>>
>>
>
>
- Previous message: Bennett Todd: "Re: Syn Flood generator / Dos Attack generator"
- In reply to: Srikrishan Gaddam: "Re: Needed info on Buffer/Boundary Overflow Attacks"
- Next in thread: Blake R. Swopes: "RE: Needed info on Buffer/Boundary Overflow Attacks"
- Next in thread: leon: "RE: Needed info on Buffer/Boundary Overflow Attacks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
