A buffer overflow is a vulnerability that exists when it is possible to copy more data into a buffer (a memory area) than it can hold.
Nowadays the most relevant buffer overflows are stack buffer overflows and heap buffer overflows. The stack and the heap are regions of main memory that the operating system makes available to the running program.
When does a buffer overflow attack occur?
A buffer overflow occurs when data is copied using functions that do not perform length checking, or when a programmer uses such a function without performing the length check themselves. A buffer overflow is therefore not malware but the exploitation of a vulnerability.
If a function that performs no length check writes more data into a buffer than it can hold, a buffer overflow occurs. Memory areas that are reserved for other purposes and do not belong to this buffer are then overwritten. In the best case, the program or the system crashes. In the worst case, if the input is cleverly chosen, the attacker gains control over the program flow and executes code of their choice. This works by writing shellcode (code that leads to shell access) into the buffer and continuing to write until the memory area that holds the return address is reached. Whoever controls the return address can try to jump to the shellcode, which is then executed.
Vulnerabilities such as buffer overflows do not necessarily have to be exploited by those who discover them. Anyone who discovers a vulnerability in a program can report it to the manufacturer, who then has the opportunity to fix it with an update.
Effective countermeasures against buffer overflows include DEP (Data Execution Prevention), which marks memory areas as non-executable and can thus prevent the execution of shellcode.
ASLR (Address Space Layout Randomization) is a technique that randomizes the addresses of functions in memory, which makes it difficult to manipulate return addresses precisely.
Stack smashing protection, which includes measures such as storing the return address outside the stack or deriving a check value (canary) from the return address so that tampering becomes evident.
If a buffer overflow vulnerability is successfully exploited, the attacker obtains the rights that the program or service has on the system. Assuming role-based rights management, this means that taking over a web or mail server as a rule yields only the restricted rights of that service. The situation is different for system services: in the case of the EternalBlue SMB vulnerability, after successful exploitation one acts as “NT AUTHORITY\SYSTEM” (the account with the highest rights on a local Windows system). If the exploit is not successful, the program or system usually crashes, resulting in a “Denial of Service”.
Source : https://www.acunetix.com/wiki/web-security-zone/what-is-buffer-overflow/
Format string attack
Classic format string attacks, or format string vulnerabilities, belong to the class of programming errors. A frequently used function in the C programming language is printf(), a member of the string-processing family. Its purpose is to output a string and, if desired, values passed along with it (e.g. input) in the desired formatting; the format string is an instruction on how the output string is to be assembled.
Inputs and values are also stored on the stack. If a programmer does not specify a format string, it is not precisely defined which data types are expected (no input validation). This gives an attacker the opportunity to determine some or all of the contents of the format string and thereby trigger a buffer overflow.
The only effective countermeasure against the buffer overflow vulnerability is clean, security-conscious programming and source code review by specialists.
Exploiting this vulnerability can allow an attacker to read out areas of the stack, execute code, or cause a segmentation fault (memory access violation) in the running application.
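The two defects described above (an unchecked copy into a fixed stack buffer, and user input used as the printf() format string) shown side by side with their fixed form, as an added example that is not part of the original article; the names greet_unchecked, greet_checked and NAME_LEN are assumed for illustration:

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* fixed-size stack buffer, as in the classic bug */

/* Vulnerable pattern from the text: strcpy() performs no length check, so
 * input longer than NAME_LEN - 1 bytes overwrites whatever follows buf on
 * the stack (other locals, saved frame pointer, return address). printf(buf)
 * then lets the input act as the format string. It is never called here and
 * exists only to show the defect next to the fix. */
void greet_unchecked(const char *input) {
    char buf[NAME_LEN];
    strcpy(buf, input);   /* no bound on the copy */
    printf(buf);          /* input supplies the format string */
}

/* Hardened version: the length is checked before the copy, oversize input is
 * rejected rather than silently truncated, and the format string is a
 * constant, so '%' sequences in the input are written literally.
 * Returns the length of the greeting written to out, or -1 on oversize input. */
int greet_checked(const char *input, char *out, size_t out_len) {
    char buf[NAME_LEN];
    size_t n = strlen(input);
    if (n >= sizeof buf)
        return -1;
    memcpy(buf, input, n + 1);                     /* bounded copy incl. NUL */
    return snprintf(out, out_len, "Hello, %s!\n", buf);
}

int main(void) {
    char out[64];
    if (greet_checked("Alice", out, sizeof out) > 0)
        fputs(out, stdout);
    /* constructed input with conversion specifiers: printed as plain text */
    if (greet_checked("%x%x%x%x", out, sizeof out) > 0)
        fputs(out, stdout);
    if (greet_checked("this input is far too long for it", out, sizeof out) < 0)
        fputs("rejected oversize input\n", stdout);
    return 0;
}
```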