Buffer Overflow?

Is buffer overflow a real concern? If it is what is the best program to stop it? I have XP SP2 32 bit.

 

DEP or Conodo memory wall

 

Personnally, I use Comodo Memory Firewall to prevent against Buffer overflow...

 

Can someone point to a current buffer overflow exploit, and what it accomplishes?

Thanks,

----
rich

 

I don't know about current, but google "buffer overflow exploit download", first result

 

Comodo have a Buffer overflow testing application at https://forums.comodo.com/comodo_me...er_overflow_testing_application-t12541.0.html

If this is what you want...

 

Here is information about a buffer overflow vulnerability in Adobe Flash - http://www.securityfocus.com/bid/28695/discuss. Excerpt: "Adobe Flash Player is prone to a remote buffer-overflow vulnerability when handling multimedia files with certain tags. An attacker may exploit this issue to execute arbitrary code in the context of the affected application."

If you would like to test a (probably) harmless example of buffer overflow, please see http://forums.comodo.com/feedbackco...emory_firewall_worked-t18683.0.html;msg128015.

See http://en.wikipedia.org/wiki/Buffer_overflow for general information about buffer overflow.

 

thanks - I know what a buffer overflow is, and I've seen the PoC demonstrations.

I would like to see some current exploits using this technique. Are they worms, as in the past? Do they work by remote code execution, or is the user enticed to click or download something?


----
rich

 

If you're looking for vulnerabilities, see http://research.eeye.com/html/alerts/zeroday/index.html and http://secunia.com. If you want actual code see milw0rm or metasploit. Today, for example, vulnerability 'Adobe Products BMP Handling Buffer Overflow Vulnerability' was reported, with current fix "Do not process untrusted BMP files using the affected applications. Do not connect untrusted storage devices to the local computer."

The user doesn't necessarily have to do anything abnormal to be exploited. Merely surfing a website with malicious content with a vulnerable browser or browser addon is sufficient. Looking at an infected video in a vulnerable multimedia player could get you infected. Programs listening for incoming network connections can be exploited if they are vulnerable.

 

Does Comodo Memory Firewall interfere with some programs operations as DEP does?

 

I've used Comodo Memory Firewall for several months without problems, but of course your results might vary. See http://forums.comodo.com/comodo_memory_firewallbuffer_overflow_protection-b97.0/ for the official product forum.

 

So what other software is out there to help guard the 'stack.'

I know of and tried Wehnus and also grsecurity, and hardened linux, BSD - pax kernal patch but what else?

 

Data Execution Prevention - built into Windows but configurable.

Use anti-malware scanner that scans all files, not just executables. Poisoned data files can be detected by at least some anti-malware products.

To limit damage - either use limited user account, or if using administrator account then use 'Basic User' setting in Software Restriction Policy for all programs that might be exposed to malicious content.

 

Some products listed here - http://www.sys-manage.com/PRODUCTS/BufferShield/PreventedExploits/tabid/63/Default.aspx

 

Threatfire.

 

I have set DEP in the past already, because I found this in my installation file :
1. Click Start / Control Panel / System
2. Click Advanced-tab
3. Click Settings of Performance
4. Click Data Execution Prevention
5. Mark "Turn on DEP for all programs and services"
6. Click OK-button
Not really convinced if that will do the job, it's M$.

Is Buffershield of $20 worth to install ?

 

i looked at the other BO protectors would you know if CMF will protect like [BufferShield] thank for any help on this subject i'm almost lost.

 

Not sure best way to find out is try it. Going by that table Wehus which is freeware nearly protects against them all.

 

Okay I'm with you there as I use DEP, SRP and have a limited account on the computer already. Do we need a stack defender.

 

Whenus
http://www.wehnus.com/support.pl
I tried it long ago and it didn't work, bugs maybe.

 

Sorry, in what way didn't it work? The program, protection?

 

I don't remember the details, but it caused problems on my system.
Looking at the version #, its development seems to be frozen also.

 

I haven't tried out this product, but I did read the same things (about bugs, that is) somewhere else online. Since development is frozen, I'd avoid it.

 

I did personally test out Comodo Memory Firewall on one example (well, two if you include the Comodo BO Tester program): http://forums.comodo.com/feedbackco...t_comodo_memory_firewall_worked-t18683.0.html. CMF worked with both, but be careful about drawing conclusions from a sample size of two.

Here is vendor-supplied information about CMF:

"Comodo Memory Firewall detects the following types of attack:
Detection of Buffer Overflows which occur in the STACK memory,
Detection of Buffer Overflows which occur in the HEAP memory,
Detection of ret2libc attacks,
Detection of corrupted/bad SEH Chains"

 

Software DEP and hardware DEP are different. Software DEP is weak. Hardware DEP is better. Since it's known how to bypass DEP, you might wish to consider Comodo Memory Firewall even if you have hardware DEP.