Exploiting stack-based buffer overflow using modern day techniques
Saved in:
| Published in: | Procedia computer science Vol. 160; pp. 9 - 14 |
|---|---|
| Main authors: | Nicula, Ștefan; Zota, Răzvan Daniel |
| Format: | Journal Article |
| Language: | English |
| Published: | Elsevier B.V, 2019 |
| ISSN: | 1877-0509, 1877-0509 |
| Online access: | Full text |
| Abstract | One of the most commonly known vulnerabilities that can affect a binary executable is the stack-based buffer overflow. A buffer overflow occurs when a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations. Nowadays, due to multiple protection mechanisms enforced by the operating system and at the executable level, the buffer overflow has become harder to exploit. Multiple bypassing techniques often have to be combined in order to successfully exploit the vulnerability and control the execution flow of the studied executable. One of the security features designed as a protection mechanism is Data Execution Prevention (DEP), which helps prevent code execution from the stack, heap or memory pool pages by marking all memory locations in a process as non-executable unless the location explicitly contains executable code. Another protection mechanism targeted is Address Space Layout Randomization (ASLR), which is often used in conjunction with DEP. This security feature randomizes the location where the system executables are loaded into memory. By default, modern day operating systems have these security features implemented. However, at the executable level, they have to be explicitly enabled. Most of the protection mechanisms, like the ones mentioned above, require certain techniques in order to bypass them, and many of these techniques use some form of address memory leakage in order to leverage an exploit. By successfully exploiting a buffer overflow, the adversary can potentially obtain code execution on the affected operating system which runs the vulnerable executable. The level of privilege granted to the adversary is highly dependent on the level of privilege that the binary is executed with. As such, an adversary may gain elevated privileges inside the system. Most of the time, this type of vulnerability is used for privilege escalation attacks or for gaining remote code execution on the system. |
|---|---|
| Author | Nicula, Ștefan; Zota, Răzvan Daniel |
| Author details | 1. Ștefan Nicula (snicula@protonmail.com), The Bucharest University of Economic Studies, 15-17 Dorobanti, Bucharest 010552, Romania; 2. Răzvan Daniel Zota, The Bucharest University of Economic Studies, 15-17 Dorobanti, Bucharest 010552, Romania |
| CitedBy_id | crossref_primary_10_3390_s23136067 crossref_primary_10_1016_j_cose_2024_104272 crossref_primary_10_1016_j_cose_2024_103883 crossref_primary_10_15803_ijnc_15_2_118 crossref_primary_10_3390_electronics12234741 |
| Cites_doi | 10.1016/j.phpro.2012.02.259 10.1016/j.procs.2016.04.270 |
| ContentType | Journal Article |
| Copyright | 2019 |
| DOI | 10.1016/j.procs.2019.09.437 |
| DatabaseName | ScienceDirect Open Access Titles Elsevier:ScienceDirect:Open Access CrossRef |
| DatabaseTitle | CrossRef |
| Discipline | Computer Science |
| EISSN | 1877-0509 |
| EndPage | 14 |
| ExternalDocumentID | 10_1016_j_procs_2019_09_437 S1877050919316527 |
| ISICitedReferencesCount | 15 |
| ISSN | 1877-0509 |
| IsDoiOpenAccess | true |
| IsOpenAccess | true |
| IsPeerReviewed | true |
| IsScholarly | true |
| Keywords | stack protection mechanisms; return oriented programming; address memory leak; stack buffer overflow; libc attack; exploiting buffer overflow |
| Language | English |
| License | This is an open access article under the CC BY-NC-ND license. |
| LinkModel | OpenURL |
| OpenAccessLink | https://dx.doi.org/10.1016/j.procs.2019.09.437 |
| PageCount | 6 |
| PublicationDate | 2019 |
| PublicationTitle | Procedia computer science |
| PublicationYear | 2019 |
| Publisher | Elsevier B.V |
| Title | Exploiting stack-based buffer overflow using modern day techniques |
| URI | https://dx.doi.org/10.1016/j.procs.2019.09.437 |
| Volume | 160 |