Introduction to Buffer Overflows
Basics of Buffer Overflows
What is a buffer?
What is a buffer overflow?
A computer buffer overflow –
attacker treachery ahead
Why is this a security problem?
How could a computer (or programmer) be so dumb?
Want a more detailed but non-techie explanation?
ANALOGY: Computer~~Mailroom
New data overwrites previous data
 Big numbers take multiple mailboxes
Characters are represented as numbers, too
Programs end up as numbers
in mailboxes, also!

Special numbers used as addresses are
also stored in mailboxes!
Programs use addresses for commonly used orders and to change order of actions
The mailroom is a computer.
Computers need programmers to give them orders.
Really! The mailroom is just like a modern computer on another scale!
Programmers use subroutines for common functions used many places
Executing subroutines requires stacks to keep track of returns
Stacks are essential
Problem: Pointers to stacks need mailboxes
Problem: Subroutine data also needs to go on and off  the stack, too
What stacks look like
All the pieces are in place – one minor error and we’ll see how to hijack the mailroom.
How to hijack the mailroom: the stack arrangement is the culprit
Patty wants into that computer!
Alice goofed, a common mistake, and Patty knows how to take advantage.
Patty knows where Norman will store her name and that part of her name is a program
Patty knows that a buffer overflow will ovewrite the return point to go to her program
Glossary
Glossary
Glossary
About this Project