Help - Search - Members - Calendar
Full Version: Buffer Overflow?
Linuxhelp > Support > Technical Support
Termina
I've heard references to buffer overflow attacks, and was wondering what this was.

Is this just sending too much information to a certain port/service so it freezes/shuts down? If so, is there a way to prevent this? If so, how?
Jim
Buffer overflow usually happens when a program has a non-terminating loop, especially while loops. All the numbers get placed in an area of your RAM known as the buffer to be stored until used or cleared. Something like

CODE
While (x>o){
    x = x + 1;
}


Will cause x to just keep increasing thus overloading your buffer and eventually crashing the computer if you don't kill it before it fills the buffer completely.

I suppose these could be used as some sort of virus attack but I have never heard or it being used this way. Usually its just a way I attack myself wile I am trying to finish my java homework (last night comes to mind).

Maybe I am just not familiar with it in the way that it is hitting you. Have you actually been hit and if so how? Or have you just heard about it and were wondering?

I can't think of any way to prevent this other than writing good code. Usually if it starts to happen you can press ctrl + c or ctrl + x to kill or suspend it. If you suspend it make sure you go into top and kill it otherwise it will keep sucking down your buffer space and a processor.
hughesjr
Actually, buffer overflows are the single biggest security problem for Windows, Linux, and probably all computer systems.....(for the 2002,2003 root vulnerabilites in Linux 67% of them were buffer overflows)

Basically, a buffer overflow occurs if you assign a limit for a 10 character input, but someone inputs 20 characters into that variable .... the 10 after the cut off are overflow. How the program handles the overflow is the problem. If the overflow (or overrun) were just dropped, that would prevent the problem ... however, that is not always the case, so there are overflow conditions that could cause problems.

There are some combinations of charaters that can cause unexpected results in some programs. The Code Red worm, The MS Blaster Worm, (almost every major worm outbreak) are examples of buffer overflows...here is some info:

http://www.linuxjournal.com/article.php?sid=6701

http://searchsecurity.techtarget.com/sDefi...i549024,00.html

http://zdnn.search.com/search?version=x&q=...buffer+overflow

http://www.networkmagazine.com/article/NMG...MG20000511S0015

http://search.securityfocus.com/swsearch?q...&sort=swishrank

This is basically an issue that is going to be handled by programming ... either people writing better code .. or the compiler testing better for overflow conditions.

The main way to fix these problems is to continually apply security patches released by your OS provider.

There is a package called libsafe that is supposed to afford protection for linux from buffer overflows ... but it has it's own vulnerabilities. I personally don't use libsafe ... I do apply security patches once a week.
Termina
Is running "apt-get update" and "apt-get upgrade" enough for security updates?

Or is the "apt-get dist-upgrade" (sp?) important to use as well (Never used it, not too sure what it does) happy.gif

If not, what should I do for knoppix debian, upgrade wise?
hughesjr
Here is the difference between upgrade and dist-upgrade ....

CODE
dist-upgrade
             dist-upgrade, in addition to performing the function of upgrade,
             also intelligently handles changing dependencies with  new  ver-
             sions  of  packages;  apt-get  has a "smart" conflict resolution
             system, and it will attempt to upgrade the most important  pack-
             ages  at  the  expense of less important ones if necessary.  The
             /etc/apt/sources.list file contains a  list  of  locations  from
             which  to  retrieve desired package files.  See also apt_prefer-
             ences(5) for a mechanism for overriding the general settings for
             individual packages.

upgrade
             upgrade  is  used to install the newest versions of all packages
             currently installed on the system from the sources enumerated in
             /etc/apt/sources.list.  Packages  currently  installed  with new
             versions available are retrieved and upgraded; under no  circum-
             stances  are  currently  installed packages removed, or packages
             not already installed retrieved and installed. New  versions  of
             currently  installed  packages  that  cannot be upgraded without
             changing the install status of another package will be  left  at
             their current version. An update must be performed first so that
             apt-get knows that new versions of packages are available.

update
             update  is  used  to  resynchronize the package index files from
             their sources. The indexes of  available  packages  are  fetched
             from  the  location(s)  specified in /etc/apt/sources.list.  For
             example, when using a Debian archive, this command retrieves and
             scans  the  Packages.gz files, so that information about new and
             updated packages is available. An update should always  be  per-
             formed  before  an upgrade or dist-upgrade. Please be aware that
             the overall progress meter will be incorrect as the size of  the
             package files cannot be known in advance.




I always use dist-upgrade ... if packages abc and adf are replaced by a single package xyz, then dist-upgrade will install xyz and remove abc and adf .... upgrade will just make sure abc and adf are the latest versions....

Yes, using apt-get dist-upgrade will keep you updated with the latest patches....
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2017 Invision Power Services, Inc.