Buffer Underflow Attack

Many of you have heard about a buffer overflow; that's an obvious thing. It's a software flaw generally due to a buffer (a chunk of memory) being overwritten. In simple terms, you can imagine a glass of water. What happens if you keep pouring water even after it becomes full? It'll obviously overflow, because the glass has limited space to hold water. In a similar way, a buffer overflow occurs when you keep putting data into a buffer beyond its limit.

But stay with me, that's not the topic for today. Buffer underflow is the exact opposite of how a buffer overflow works, and it is very dangerous if exploited.

Heartbleed is one of the latest examples in computer security history, and something like it can occur again.

Heartbleed was a security bug in OpenSSL. OpenSSL is an open-source, free SSL certificate, which means you can use it freely. But a particular version of OpenSSL was not secure. Here is how it works: with OpenSSL, a client (my computer, in my case) sends a command to a server. When a client sends a request to a particular server, like "Hello server, do you hear me?", the server will respond. But the problem with that particular version is that "Hello server, do you hear me?" is a client-side command, which can be under the influence of an attacker. How? Let's see.

When I send the server "Hello server, do you hear me?", it doesn't check the limit on the number of characters in my command. Now, imagine I say "Hello server, do you hear me?" and, with it, I instruct the server to give me the sentence back in 94,000 lines. It doesn't make sense, and in the normal case the server should turn down such a request. But with the affected version of OpenSSL, it doesn't. It'll give me a response like "Hello Feroz, I can hear you", and then it'll also give me 94,000 other lines as requested. These 94,000 lines may contain private keys, session tokens, cryptographic keys, etc., which can be a huge problem because, as an attacker, I can impersonate you or anyone else whose session token I have stolen.
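The missing check described above, shown as an added example that is not part of the original article and is not OpenSSL's own code. It assumes a simplified heartbeat record (1-byte type, 2-byte claimed length, payload, 16 bytes of padding); the function names and the token string are constructed for the illustration.

```c
/* Added illustration: a simplified heartbeat handler, not OpenSSL source. */
#include <stdio.h>
#include <string.h>

#define HB_HEADER  3   /* 1-byte type + 2-byte claimed payload length */
#define HB_PADDING 16  /* minimum padding required by RFC 6520 */

typedef size_t (*hb_handler)(const unsigned char *, size_t, unsigned char *);

/* Flawed: echoes as many bytes as the message claims to carry. */
size_t hb_reply_unchecked(const unsigned char *rec, size_t rec_len, unsigned char *out) {
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    (void)rec_len;                    /* actual size never consulted: the bug */
    memcpy(out, rec + HB_HEADER, claimed);
    return claimed;
}

/* Hardened: discard when the claimed length exceeds what actually arrived. */
size_t hb_reply_checked(const unsigned char *rec, size_t rec_len, unsigned char *out) {
    size_t claimed;
    if (rec_len < HB_HEADER + HB_PADDING) return 0;
    claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER + claimed + HB_PADDING > rec_len) return 0;
    memcpy(out, rec + HB_HEADER, claimed);
    return claimed;
}

/* Constructed memory: a 24-byte record, then unrelated data right behind it.
   Returns 1 if the reply produced by `h` contains that unrelated data. */
int reply_leaks_neighbor(hb_handler h) {
    static const char secret[] = "SESSION-TOKEN-0000";   /* constructed value */
    unsigned char mem[64] = {0}, out[64] = {0};
    size_t n, i, slen = sizeof secret - 1;
    mem[0] = 1; mem[1] = 0; mem[2] = 40;    /* claims 40 payload bytes */
    memcpy(mem + HB_HEADER, "hello", 5);    /* really carries only 5 */
    memcpy(mem + 24, secret, slen);         /* neighbor of the record */
    n = h(mem, 24, out);
    for (i = 0; i + slen <= n; i++)
        if (memcmp(out + i, secret, slen) == 0) return 1;
    return 0;
}

int main(void) {
    printf("unchecked leaks: %d\n", reply_leaks_neighbor(hb_reply_unchecked));
    printf("checked leaks:   %d\n", reply_leaks_neighbor(hb_reply_checked));
    return 0;
}
```

The only difference between the two handlers is the comparison of the claimed length against the number of bytes that actually arrived.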

Well, it was a really huge security bug because it affected nearly half of the internet's traffic.

And that's one example of a buffer underflow attack.
