Why Buffer Overflows Are Bad

• Overflow overwrites the stack

  • Usually only causes a segmentation violation (segfault, GPF)

• Attacker may replace return address with fabricated address

  • Function returns to user-supplied code instead of caller
  • Shellcode embedded in user input (env variable, stdin)
  • Shellcode runs with same privilege as victim program (root?!)
    • System call execve() to run shell
    • Add root user line to /etc/passwd

• Shellcode widely available to script kiddies