Buffer Overflow
A buffer overflow occurs when a caller passes a parameter that is longer than
the function expects, and the function does not validate that the length of the
parameter is less than or equal to the expected length. The function then copies
the entire (overly long) parameter into a memory location that is too short, and
as a result some part of the function's memory gets overwritten, often altering
the parameter/call stack.
A targeted buffer overflow exploit puts specific values onto the call stack to cause specific actions to be
performed in the security context of the overflowed function (rather than in the
security context of the calling user). This exploit may bypass authentication if
the function was operating in a different security context from the caller,
especially if the function is remotely invoked and runs as local root.
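
The missing length validation described above, next to a version that performs it, as an added example that is not part of the original page. The names set_name_unchecked, set_name_checked and NAME_MAX_LEN, and the 16-byte buffer size, are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 16   /* assumed destination capacity, including the NUL */

/* The pattern the text describes: the whole parameter is copied with no
 * comparison against the destination size. Shown for contrast only and
 * never called in this example. */
void set_name_unchecked(char dst[NAME_MAX_LEN], const char *param)
{
    strcpy(dst, param);   /* writes past dst when strlen(param) >= NAME_MAX_LEN */
}

/* Hardened form: measure the parameter first, reject it if it does not fit.
 * Returns 0 on success, -1 on a NULL argument or an overly long parameter.
 * On failure dst is left untouched. */
int set_name_checked(char *dst, size_t dst_size, const char *param)
{
    size_t len = 0;

    if (dst == NULL || dst_size == 0 || param == NULL)
        return -1;

    /* Bounded scan: looks at no more than dst_size bytes of the input. */
    while (len < dst_size && param[len] != '\0')
        len++;

    if (len == dst_size)      /* no room left for the terminating NUL */
        return -1;            /* reject instead of truncating silently */

    memcpy(dst, param, len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    char name[NAME_MAX_LEN];
    /* Constructed sample inputs: one that fits, one that is too long. */
    const char *inputs[] = { "alice", "this-parameter-is-far-too-long" };

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = set_name_checked(name, sizeof name, inputs[i]);
        printf("%-32s -> %s\n", inputs[i], rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

Rejecting the overly long parameter, rather than truncating it, keeps the caller from acting on a value that differs from what was submitted.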