buffer overflow
Home > Security Definitions - Buffer overflow
SearchSecurity.com Definitions (Powered by WhatIs.com)
EMAIL THIS
LOOK UP TECH TERMS Powered by: WhatIs.com
Search listings for thousands of IT terms:
Browse tech terms alphabetically:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

buffer overflow

Show me everything on Client security

DEFINITION - A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.

In July 2000, a vulnerability to buffer overflow attack was discovered in Microsoft Outlook and Outlook Express. A programming flaw made it possible for an attacker to compromise the integrity of the target computer by simply it sending an e-mail message. Unlike the typical e-mail virus, users could not protect themselves by not opening attached files; in fact, the user did not even have to open the message to enable the attack. The programs' message header mechanisms had a defect that made it possible for senders to overflow the area with extraneous data, which allowed them to execute whatever type of code they desired on the recipient's computers. Because the process was activated as soon as the recipient downloaded the message from the server, this type of buffer overflow attack was very difficult to defend. Microsoft has since created a patch to eliminate the vulnerability.

Learn more about Client security
Endpoint protection best practices manual: Combating issues, problems: In this endpoint protection best practices manual, you will learn how to employ effective endpoint security controls, technologies and policies, and well as defining methods and techniques for ...
Quiz: Endpoint security on a budget: Take this five-question quiz and test your knowledge of low-cost endpoint security techniques.
Network Access Control Learning Guide: Learn how to block and secure untrusted endpoints, and control user access with this Learning Guide.
RSA 2005 conference coverage: Can't make it to RSA? Let us take you there. We're covering the conference live from the show floor to bring you the latest information security news.
Lesson/Domain 5 -- Security School: Training for CISSP Certification: Security School webcasts are focused on CISSP training. This lesson corresponds to the telecommunications and networking domain in the CISSP exam's "Common Body of Knowledge."

CONTRIBUTORS: David Kramer
LAST UPDATED: 05 Jun 2007

Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com

More resources from around the web:
- A ZDNet article describes "How buffer overflow attacks work."
- A Web site called The Cult of the Dead Cow offers a tutorial.





FILE EXTENSION AND FILE FORMAT LIST
File Extension and File Format List:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #


RELATED CONTENT
InZero Systems launches hardware-based security gateway
New InZero gateway uses hardware to halt malware by separating the endpoint from the network and isolating desktop software.
DLP technology challenges security costs
Data leakage prevention requires more than just flipping a switch. If not implemented properly, DLP could return alerts that stymie business units and...
Endpoint protection best practices manual: Combating issues, problems
In this endpoint protection best practices manual, you will learn how to employ effective endpoint security controls, technologies and policies, and...

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
brute force cracking  (SearchSecurity.com)
Crash Course: Spyware  (SearchSecurity.com)




Get More buffer overflow Answers
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts