Tag Archives: Buffer Overflow

Valve Resolves Steam Gaming Client Vulnerability

The games company Valve Corporation known primarily for their gaming client Steam have updated it to resolve a critical vulnerability which has been inadvertently present within Steam for the last 10 years.

Why should this vulnerability be considered important?
Due to the many millions of Steam users and the fact this vulnerability is remotely exploitable (since the attacker does not need to first have access to the victim system) makes this vulnerability more serious. An attacker would only have needed to send malformed UDP (defined) packets to a victim system for it to have Steam carry out instructions of their choice.

This vulnerability was a buffer overflow (defined) within one of Steam’s internal libraries (the general concept of a code library is defined here); more specifically code that dealt with UDP datagram reassembly.

How can I protect myself from this vulnerability?
In July 2017, the Steam client added Address Space Layout Randomisation (ASLR)(defined) making exploitation of the vulnerability more difficult which would then only crash the Steam client. If however an attacker combined an information leak which exposed the memory address of vulnerable library, even with ASLR enabled the result would have been the same.

Valve patched this vulnerability on April 4th. The Steam client by default updates automatically. Please open it and allow it to update to resolve this vulnerability.

Thank you.

May 2018 Update Summary

====================
Update: 5th June 2018:
====================
As discussed in the post below, the zero day vulnerability (defined) designated as CVE-2018-8174 (defined) patched by Microsoft last month has since been incorporated into the RIG exploit kit (defined). The attackers have used the extra detail provided from anti-malware vendors, GitHub (the popular source code repository) and MetaSploit (defined) to create this exploit.

As detailed below, the vulnerability is considered medium severity; however it also requires actions from the user before it take any malicious action usually opening a malicious file or visiting a malicious website.

Please use caution for any email that you receive with an attachment you weren’t expecting. Thank you.

====================
Update: 31st May 2018:
====================
A vulnerability in the JScript (Microsoft’s implementation of JavaScript (defined) has been responsibility disclosed (defined) by Dmitri Kaslov of Telspace Systems, who passed it along to Trend Micro’s Zero-Day Initiative (ZDI). At this time, this vulnerability is un-patched and is thus a zero day vulnerability (defined).

The vulnerability allows a remote attacker to execute malicious instructions of their choice on the victim’s system but only in the context of a sandboxed (defined) environment. In other words, the code cannot itself be used to fully compromise a system. It must be leveraged with another vulnerability to have the potential of fully compromising a system making the vulnerability less serious.

At this time, components within Windows such as wscript.exe and Internet Explorer should not not permitted to run untrusted JScript code. This mitigation (please see the heading near the end of the page named: “How To Tell Explorer To Open .JS Files With Notepad”) may be of assistance with implementing this recommendation.

I will update this post when this vulnerability is patched by Microsoft or when further information becomes available.

Thank you.

====================
Update: 18th May 2018:
====================
Other updates made available by Microsoft for the Spectre Variant 2 vulnerability are:

kb4100347

This update was not offered to my Windows laptop running Version 1803. As you know it contains an Intel Core i7 6500U CPU. I downloaded the version 1803 update from the Microsoft Catalog and it installed successfully. My system is showing the full green result when the PowerShell command Get-SpeculationConntrolSetting is run. It results in the final screenshot shown with this article. Further tips on running this useful command are provided in this Microsoft support article, please see the headings “PowerShell Verification using the PowerShell Gallery (Windows Server 2016 or WMF 5.0/5.1)” or “PowerShell Verification using a download from Technet (earlier operating system versions and earlier WMF versions)” depending on your version of Windows.

Microsoft have also issued an update for Windows version 1709 to resolve a vulnerability again introduced by their previous patch. This resolution was provided in update kb4103727. Further details are available in Alex Ionescu’s tweet (a security architect with CrowdStrike and Windows Internals expert). Previous Spectre V2 patches were kb4091666 and kb4078407

This issue was already addressed in version 1803 of Windows.

If any of the above updates apply for your version of Windows, please install them. If the updates are already present or are not required; the installation will not proceed when you manually attempt it.

Thank you.

====================
Update: 17th May 2018:
====================
Adobe have since issued further updates to resolve critical vulnerabilities within Adobe Acrobat DC, Adobe Reader DC and Photoshop. Further details of the zero day (defined) vulnerabilities addressed in Adobe Acrobat/Reader are available here and here.

Adobe Acrobat and Reader (priority 1, 47 CVEs)

Adobe Photoshop CC 2018 and 2017 (priority 3, 1 CVE).

Further updates are listed at the end of this post. Thank you.

====================
Update: 10th May 2018:
====================
Further details have emerged of another zero day (defined) vulnerability affecting Windows Server 2008 R2 and Windows 7.

CVE-2018-8120 is an elevation of privilege (defined) vulnerability but can only be exploited if the attacker has already compromised the user account of the system allowing the attacker to log in when they choose. Upon logging in the attacker could obtain kernel level access/permissions (defined) by elevating their privileges to carry out any action they choose.

The prioritised list below has been updated to reflect this. Thank you.
====================

====================
Original Post:
====================

====================
Apologies for only posting an update summary last month. Other commitments meant I didn’t have the bandwidth to contribute more. I’ll try to make more time this month. Thanks.
====================

Earlier today Microsoft released their scheduled monthly security updates resolving 67 vulnerabilities. Notably Windows 10 Version 1803 receives it’s first update this month. Windows Server 2016 Version 1803 remains in testing in advance of it’s upcoming release. As always Microsoft have provided further details are provided within their Security Updates Guide.

There are 4 knowledge base articles detailing potential issues (all of which are pending resolutions) you may experience upon installing these updates. They are listed below for your reference:

4103712

4103718

4103723

4103727

====================

Separately, Adobe released updates for 3 of their products, namely:

Adobe Creative Cloud Desktop Application (priority 2 (overall), 3x CVEs)

Adobe Connect (priority 2, 1x CVE)

Adobe Flash Player (priority 2, 1x CVE)

Non-Microsoft browsers should update automatically e.g. Google Chrome should release a browser update in the coming days or will use their component update feature (the update was not available at the time of writing). Like last month; Microsoft issued a security advisory containing details of their updates

As always; you can monitor the availability of security updates for most your software from the following websites (among others) or use one of the utilities presented on this page (since Secunia PSI was phased out on the 20th of April):
—————
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):

https://www.us-cert.gov/

A further useful source of update related information is the Calendar of Updates. News/announcements of updates in the categories of General SoftwareSecurity Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).

If you like and use it, please also consider supporting that entirely volunteer run website by donating.

====================
For this month’s Microsoft updates, I will prioritize the order of installation below. A useful list of all CVEs for this month is present here:
====================

Windows VBScript Engine Remote Code Execution Vulnerability (a zero day (defined) vulnerability)

Win32k Elevation of Privilege Vulnerability

Microsoft Edge and Internet Explorer (similar to last month multiple versions of Edge and IE affected with many of the CVEs affecting the Microsoft Scripting Engine))

Microsoft Hyper-V (Update 1 and Update 2)

Microsoft Office (detailed list available here)
====================
Please install the remaining updates at your earliest convenience.

One of the vulnerabilities addressed by Microsoft this month, namely CVE-2081-8897: Windows Kernel Elevation of Privilege Vulnerability arose due to the misinterpretation of documentation from Intel regarding how a CPU (defined) raise a debug (defined) exception to transfer control to debugging software (usually used by a software developer). The specific instructions were the assembly language instructions (defined) MOV to SS and POP to SS.

As usual; I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues. I have provided further details of updates available for other commonly used applications below.

Thank you.

=======================
Malwarebytes Anti-Malware
=======================
Last week Malwarebytes updated their anti-malware product to version 3.5.1. The full list of improvements is available here but it also updated their include 7-Zip to version 18.05. I verified this manually since the above release notes did not make reference to it. Further details of the 7-Zip update are available in my April blog post.

Moreover; Directory Opus updated their product to version 12.8.1. Beta adding new DLLs (defined) for 7-Zip and UnRAR once again to address the vulnerabilities found within the UnRAR DLL also used by 7-Zip.

=======================
Mozilla Firefox:
=======================
This month Mozilla made available security updates for Firefox and Firefox ESR (Extended Support Release):

9th May: Firefox 60.0: Resolves 2x critical CVEs, 6x high, 14 moderate CVEs and  4x low severity CVEs

9th May: Firefox ESR 52.8: Resolves 2x critical, 5x high, 3x moderate CVEs

Further details of the security issues resolved by these updates are available in the links above. Details of how to install updates for Firefox are here. If Firefox is your web browser of choice, if you have not already done so, please update it as soon as possible to resolve these security issues.

=======================
Google Chrome:
=======================
Google released Google Chrome version 66.0.3359.170 to address 4 number of vulnerabilities and to include a newer version of Adobe Flash Player.

One of the four vulnerabilities addressed relates to how Chrome handles browser extensions resolving a privilege escalation issue (defined). Further details are availability here.

=======================
Wireshark 2.4.7 and 2.6.1
=======================
v2.4.7: 6 security advisories

v2.6.1: 9 security advisories

As per standard process Linux distributions can obtain this update using the operating systems standard package manager (if the latest version is not installed automatically using the package manager you can instead compile the source code (v2.6.1) or v2.4.7). This forum thread and this forum thread may also be helpful to you with installing Wireshark on your Linux based system.

For Mac OS X and Windows, the update is available within the downloads section of the Wireshark website. In addition, a detailed FAQ for Wireshark is available here.

=======================
USB Denial of Service (DoS) Will not Receive a Fix
=======================
In other vulnerability related news; a denial of service issue (defined) privately/responsibly disclosed (defined) by a security researcher Marius Tivadar will not fixed by Microsoft with a security update since the vulnerability requires physical access to the target system or social engineering (defined) and does not result an attacker being able to execute code of their choice on the affected system.

In my opinion; this is justified since if an attacker can obtain physical access to your system it significantly enhances the damage they can do. This statement also forms part of Microsoft’s 10 Immutable Laws of Security.

====================
Update: 31st May 2018
====================

=======================
VideoLAN VLC:
=======================
Yesterday VideoLAN made available VLC version 3.0.3 for Linux, Windows, macOS, BSD, Android, iOS, UWP and Windows Phone. It’s release notes detail one potential security issue (buffer overread  (defined)) and other 3rd party libraries being updated to address security issues. No specific numbers were provided. A large number of non-security issues were also resolved.

Please update to version 3.0.3 to benefit from these improvements.

=======================
Google Chrome:
=======================
Earlier this month Google made available version  67 delivering 34 security issues. The improvements part of this new version are discussed in this Bleeping Computer article.

Moreover this version includes an early implementation of a new user interface for the tabs, address bar, settings button (sometimes referred to as the “chrome” (no pun intended) of an application). This article provides more details and includes steps to enable the new UI. I have done so and it’s a subtle difference but I already really like it. The Incognito mode is even more noticeable. The UI also seems more responsive (but that may be placebo effect).

Google Chrome updates automatically and will apply the update the next time Chrome is closed and then re-opened. Chrome can also be updated immediately by clicking the Options button (it looks like 3 stacked small horizontal lines, sometimes called a “hamburger” button) in the upper right corner of the window and choosing “About Google Chrome” from the menu. Follow the prompt to Re-launch Chrome for the updates to take effect.
=======================

=======================
Apple Security Updates:
=======================
In late May Apple made available the following updates. Interestingly while the updates were available; no specific details of the improvements they include (security or otherwise) are yet available.

Initially, further details of the updates made available by Apple are emerging. Sophos have theroized that Apple have made improvements to the iOS Messages app making it more stable and less susceptible to crashing. They are thus recommending that you install the iOS 11.4 update as soon as possible.

They also discuss the addition of a new security feature which blocks access to a mobile device if the passcode has not been entered within the last seven days. This change is expected to become part of 11.4.1 and a stricter form for iOS 12. After this time the Apple Lightning cable will only charge the device and not allow data access. This appears to be part of Apple’s response to law enforcement and forensics firms accessing Apple devices attempting to collect evidence of the device’s owner’s wrongdoings.

Further details have since emerged for these Apple security updates:

Apple iOS v11.4 (resolves 35x CVEs (defined))

Apple tvOS 11.4 (resolves 24x CVEs)

Apple watchOS 4.3.1 (resolves 20x CVEs)

Apple iTunes version 12.7.5 for Windows (resolves 16x CVEs)

Moreover, BleepingComputer have discussed two of the vulnerabilities patched were buffer overflows (defined) both present in the kernels (defined) of iOS, macOS, tvOS and watchOS.

=======================

Please see these links from Apple for advice on backing up your iPhone and iPad. Advice for updating tvOS is available here while the steps for updating the Apple Watch are available here.

As always; further details of these updates are available on Apple’s dedicated security updates page.

For advice on how to install updates for Apple devices, please see the steps detailed at the end of this Sophos blog post as well as this link (from my “Protecting Your PC” page).

=======================
Hitman Pro:
=======================
As recommended on my Tools and Resources page, Hitman Pro (now part of Sophos Security) has been updated to version 3.8.20 (Build 294). This update resolves a vulnerability relating to DLL hijacking (defined)(apologies; for this link you may need to dismiss several adverts before the requested page loads). Any previous version of the tool should update automatically when opened to the most recent version.

Ubuntu Issues Security Updates for April 2016

In the first week of April Ubuntu issued security updates to address vulnerabilities responsibly disclosed (defined) in the Ubuntu kernel (defined). Each vulnerability addressed was assigned a separate CVE identifier (defined).

Why Should These Issues Be Considered Important?
While no severities were assigned by Ubuntu to these issues any issue within the kernel can be consider high to critical severity (if it is remotely exploitable) since if control of the kernel can be obtained an attacker can then use that control to carry out any action of their choice. Ubuntu does however mention that the most severe of these issues can potential lead to remote code execution (the ability for an attacker to remotely carry out any action of their choice on your Ubuntu device) while the remainder can lead to denial of service conditions (defined).

The types of vulnerabilities addressed are varied and range from use-after-free (defined) vulnerabilities to timing side channel attacks (defined, in this case exploiting the timing within the Linux Extended Verification Module (EVM)) to a buffer overflow (defined) and incorrect file descriptor handling (defined).

How Can I Protect Myself From These Issues?
Within Ubuntu’s security advisory they provide the steps to download the appropriate updates for the version of Ubuntu that you are using. In addition, a system reboot is required for these updates to take effect.

In addition, 3 recent security advisories listed below were also made by available by Ubuntu, please ensure that you have followed the steps within each to ensure that you are protected from these vulnerabilities:

USN-2917-3: Firefox regressions: Addresses 34x CVEs
USN-2951-1: OptiPNG vulnerabilities: Addresses 5x CVEs
USN-2950-1: Samba vulnerabilities: Addresses 8 CVEs (among them the Badlock issue)

Thank you.

ISC Releases Security Updates for BIND (January 2016)

On the 19th of January Internet Systems Consortium (ISC) released 2 security updates to address critical and medium severity denial of service issues (defined) within their BIND DNS software.

Why Should These Issues Be Considered Important?
This critical severity remotely exploitable vulnerability is caused by a buffer overflow (defined) within a guard feature intended to prevent such an overflow. If an overflow occurred, it could cause BIND to exit. Examples of possible ways (not an exhaustive list) for this vulnerability to be exploited are provided by ISC within their first security advisory for these issues. For the remaining medium severity remotely exploitable issue an error in how BIND interprets specifically formatted text could cause an assertion (defined) again resulting in the possible exiting of BIND.

These issues affect a large number of versions (listed below) of BIND making them ever more important to address:

=======================
Critical Severity Issue: 9.3.0->9.8.8, 9.9.0->9.9.8-P2, 9.9.3-S1->9.9.8-S3, 9.10.0->9.10.3-P2
Medium Severity Issue: 9.10.0->9.10.3-P2
=======================

In addition, as mentioned by ISC, versions 9.3 to 9.8 of BIND are considered end of life and will not be receiving updates to address the critical issue. Currently supported versions of BIND are listed here.

Moreover, according to ISC, the critical issue has no workarounds or known mitigations. The medium severity issue can be mitigated by disabling debug logging (but only as a temporary measure until the appropriate update can be applied).

How Can I Protect Myself from These Issues?
If you use BIND (it is included with Linux distributions e.g. Redhat, Ubuntu etc.) to provide any DNS services within your company/organization or you know anybody who may be affected by these issues, please follow the advice within ISC’s security advisories to install the necessary updates to resolve these issues:

CVE-2015-8704: Specific APL data could trigger an INSIST in apl_42.c
CVE-2015-8705: Problems converting OPT resource records and ECS options to text format can cause BIND to terminate.

Thank you.

Schneider Electric Releases Critical PLC Security Update

On the 17th of December 2015 the Schneider Electric Corporation released a critical security update to address a buffer overflow (defined) vulnerability within the following Modicon M340 PLC (Programmable Logic Controller) products:

  • BMXNOC0401
  • BMXNOE0100
  • BMXNOE0100H
  • BMXNOE0110
  • BMXNOE0110H
  • BMXNOR0200
  • BMXNOR0200H
  • BMXP342020
  • BMXP342020H
  • BMXP342030
  • BMXP3420302
  • BMXP3420302H and
  • BMXPRA0100

This issue was responsibly disclosed (defined) to Schneider by an independent security researcher named Nir Giller.

Why Should This Issue Be Considered Important?
This security vulnerability is of critical severity since an attacker would find it easy to exploit according to the information within the ICS-CERT security advisory. In addition, once exploited it can provide the attacker with the ability to carry out any instruction of their choice (in other words remote code execution) within the Schneider product. The only workaround is to block port 80 of the Schneider device using a firewall. However, given that port 80 is used for HTTP communication, this workaround will prove restrictive.

How Can I Protect Myself from This Issue?
Schneider have released an update for these products that addresses this issue. Please follow the directions within this ICS-CERT security advisory which also references the advisory from Schneider for this issue to install the necessary update.

The ICS-CERT advisory also provides further recommendations in an effort to prevent exploitation of this vulnerability.

If you are unsure about how to upgrade the firmware of the affected Schneider products that you are using, please contact Schneider Technical Support for assistance.

Thank you.

Security Vulnerabilities Disclosed in Kaspersky and FireEye Products

Over the weekend a security researcher, Tavis Ormandy discovered a zero day security vulnerability in Kaspersky Anti-virus 2015 and 2016. The issue was a buffer overflow issue (defined) and could be exploited remotely by visiting a website of an attacker’s choice or receiving specifically crafted data packets from an attacker via the internet connection of the device the Kaspersky product is protecting.

Kaspersky quickly responded to update it’s products to resolve this issue and mentioned that they wish to add further mitigation strategies to prevent an issue such as this being found in their products in the future. In addition, Kaspersky already uses Data Execution Prevention (DEP)(defined here and here) and Address Space Layout Randomization (ASLR)(defined) in order to complicate the exploitation of such overflow attacks. A copy of the statement released by Kaspersky is available at the end of this blog post.

If you are using any of Kaspersky’s security products to protect your device, please ensure that it is up to date to protect against this vulnerability being exploited. Further information on updating a selection of Kaspersky products is provided below:

Updating Kaspersky Anti-Virus 2016
Updating Kaspersky Internet Security 2016
Updating Kaspersky Total Security 2016

Links to 2015 and previous products are also provided within the above pages.

If you have any questions, you can contact Kaspersky for assistance. Links to their product forums are provided on the right hand side of this page with contact links for their support teams for business and home users located at the end of the same page.

=======================

In a separate disclosure Kristian Erik Hermansen, a security researcher provided details of 4 vulnerabilities in FireEye’s security appliances. In addition, a further 30 flaws were discovered by his joint work with another researcher Ron Perris.

An official advisory (PDF) was published by FireEye with regards to the initial 4 vulnerabilities disclosed by Hermansen. This document provides further information as well as how to obtain the appropriate updates and further recommended best practices. If you use any of the affected products, please follow the steps within the advisory to patch these issues as soon as possible.

I will continue to monitor these issues and will update this blog post as more information becomes available.

Update: 15th September 2015: Further vulnerabilities were patched by FireEye in their products as documented in this advisory. However no further details concerning the issues previously discussed have been made available. If you use any of FireEye’s NX, EX, CM, AX or FX products please ensure that they are running the most current release available from FireEye as mentioned in both FireEye advisories.

Thank you.

Lenovo Releases Security Update For Laptop and Desktop Systems

Earlier this month computer manufacturer Lenovo released a security update for a wide range of its laptop and desktop systems.

The security update affects the Lenovo Service Engine (LSE). This is a utility created by Lenovo that becomes part of the computers BIOS (see Aside below for a definition) that downloads an application known as OneKey Optimizer. This application downloads updates for the computer’s BIOS, drivers updates for hardware and installs applications that are usually pre-installed when the computer leaves the Lenovo factory. Finally the application also sends non-personally identifiable system data to Lenovo servers.

As explained by Lenovo in their security advisory (see links provided below) in collaboration with an independent security researcher and Microsoft security vulnerabilities were found in the LSE (which included a buffer overflow attack (see Aside 2 below for a definition) and an attempted connection to a Lenovo test server). The LSE used the Microsoft Windows Platform Binary Table (WPBT). Microsoft has since provided updated security guidelines for using this capability of Windows. Since the LSE no longer meets those guidelines, Lenovo has chosen to remove all components of the LSE from the affected Lenovo systems.

Why Should These Issues Be Considered Important?
According to the US-CERT, the flaws within the LSE could allow a remote attacker to take control of the Lenovo system.

How Can I Protect Myself From These Issues?
As recommended by Lenovo in their advisories for laptops and desktop systems (both advisories are different), please update the BIOS of the affected systems using the steps provided in those advisories. Once updated the LSE disabler tool can be used to remove the vulnerable LSE components.

Thank you.

=======================
Aside:
What is a BIOS?

A Basic Input/Output System (BIOS) is the first piece of code that tells your computer what to do when it is first turned on. This involves 2 stages, the first stage involves a quick diagnostic of the computers components known as a power on self-test (POST).

The second stage involves brining your computer into a usable state by starting your operating system e.g. Linux, Mac OS X or Windows from the first bootable hard drive (or other drive) it locates.

The BIOS will also check for other bootable devices such as CDs/DVDs or USB jump drives. The goal being to find the next stage of the start-up process whether that be the much more common task of starting your operating system so that you can get to work or allowing you to repair computer or recover your data using emergency bootable discs/USB jump drives. Further information on computer BIOSes and how they are migrating to the newer Unified Extensible Firmware Interface (UEFI) architecture is available here.

=======================
=======================
Aside 2:
What is a Buffer Overflow attack?

A buffer is an area of computer memory set aside for a specific task. If data larger than that area is (attempted) to be stored in that area, that buffer will overflow. When an overflow happens the data that can fit in the buffer is stored in that buffer while the data that doesn’t fit spills over into memory adjacent to that buffer. Whatever data is stored in those locations is overwritten.

Within the overfilled memory areas (which now contain unintended data (from the point of view of another programs assuming they still contain valid data)) may have previously been another buffer, a programs data output or a pointer (defined below) to another area of memory.

At best this will result in the program using that value (that was overwritten) crashing or getting caught in an infinite loop (performing the same action again and again without ending). At worst, an attack could use a buffer overflow to their advantage.

This can result in an attacker being able to run/execute code of their choice by overwriting the return pointer of the program (due to the overflow that has happened) with a value of the attackers choosing. That value is placed there by the overspill into adjacent memory segments. When an operation is completed, instead of the program returning (using the location the return pointer is referencing) to the place where it was originally asked (called from) the program will instead go to the place in memory where the attacker has stored malicious code (since the attacker supplied this location by inserting a value of their choice (which is too large to fit in the buffer) as mentioned above).

=======================
A pointer is a variable (a segment of memory that stores a single value) that contains the address (in computer memory) of another variable.
=======================

The attacker’s code can then run with same privileges of the program which suffered the overflow. C and C++ functions (a set of instructions that carries out a specific action within a program) such as strcpy (string copy) and strcat(string concatenation/appending function) are just some examples of functions that are vulnerable to buffer overflows.

Such unsafe functions were replaced with functions that carried out the same task but checked the size of the input against the size of the buffer it was to be stored in and don’t allow an overflow to occur. These safe functions are now recommended by Microsoft. To enforce the use of safe functions the Banned Function Calls header file was created (also documented here). Other mitigations such as /GS cookies (discussed in a previous blog post) were also implemented to protect against buffer overflows.

Please note that it is only Microsoft that uses the newer safer functions mentioned above. Linux takes a different approach as does Apple but each results in safer code.

Update: 7th September 2015:
While the use of “safe” versions of common functions that operate on buffers are the preferred method of working with buffers, they are not perfect since they can suffer from incorrect calculations of the width of the buffer to allocate. If a mistake is made here by the programmer, a buffer overflow can still result. An example of a protected version of such a function (of the strcpy() function mentioned above) can be seen in the function declaration shown below that takes the width of the desired buffer as parameter would be:

strncpy(destination, source, width);

The above function declaration shows the name of the “safe” function, namely strncpy (notice the difference to the standard function with the name of strcpy, the “safe” function includes an extra “n”). The 3 parameters to this function are shown within the parentheses () otherwise known as brackets.

=======================
Update: 17th September 2015:
A detailed definition of a stack overflow is provided in a more recent blog post. This similar type of overflow can be a useful addition to the above explanation. Thank you.
=======================

A further reference for buffer overflow attacks is the following:

Smashing The Stack For Fun And Profit by Aleph One
http://phrack.org/issues/49/14.html#article
=======================