Need information on Buffet Overflow attacks

[Cruzz]

Hi,
What is mean by a Buffet Overflow attacks. What are this attacks and what are the causes of the same. I need some technical information on the same. What I am aware of this is that it is type of attack which lets a hacker to get control over an application. Is that correct. What things must be done to protect oneself against this attack. I need some safety tips on the same.

[Milton.J]

Buffer Overflow is also known as stack overflow. A buffer overflow attack is a classic of exploiting the poor management of the stack memory (booking and release the memory spaces) in a program. The attacker deliberately sending too much information in one field or a specific variable, causing an overflow of the memory area allocated to this variable. The attacker can then obtain access rights have arisen or malicious executable code in the memory area overflowed.

[Spyrus]

In computer an overrun or buffer overflow is a bug that can be exploited to violate the security policy of a system. This technique is commonly used by hackers. When the bug is caused unintentionally, the behavior of the machine becomes completely unpredictable. This often manifests itself by blocking the program or even the entire system, if poorly designed.

[Snake08]

When the bug is exploited for malicious attacker's strategy is to divert the program buggy making him execute external code, hostile or not. More technically, the principle is to benefit from access to certain program variables, often through such functions scanf () (analyzing string) or strcpy () (copy of string) in C, who do not control the size of the channel to be recorded in a buffer to overwrite the memory of the processor until the return address of the function being implemented.

[Zachary]

It is possible for use to choose what the next instruction executed by the processor. The code is usually introduced executed with the rights of the program diverted. To avoid such overruns, some functions have been rewritten to take in setting the size of the buffer in which data is copied, and thus avoid copying more than it contains. Thus strncpy () is a version of strcpy () which takes the buffer size. When the methods buffer overflow began to spread, the FreeBSD team stopped any development for several months to fill all the gaps like this in their source code. The Linux procrastinated a little more.

[Big Fish]

In order to protect your system again it you have to use up different techniques. Like using another language than C / C + + which contains no verification mechanism of tolerance limits. Use any libraries or external programs that enable development mode test cases issue. Ban the use of functions called unprotected. Prefer eg strncpy to strcpy, which makes control of size. The recent compilers can prevent the programmer if used functions at risk, even if the operation is possible.