Buffer Overflow Attacks: Detect, Exploit, Prevent

Curl, or better known as cURL, is an open-source utility for sending or receiving files using URL syntax. In 2002, a buffer overflow was discovered in versions 6-7.4 of this software. This utility was included in distributions of Debian GNU/Linux 2.2 and FreeBSD (prior to 4.2 release). A buffer overflow exists in the part of its code that handles error messages sent from a remote host. It is a simple buffer overflow of a stack-based variable. When a remote server sends a long enough error message, it may overwrite contents of the stack, leading to the stack overflow and this can be further leveraged into execution of arbitrary code. Details of exploiting stack overflows are explained in Chapter 5. Below is a sample exploit code that acts a malicious server and sells a long string that includes the shellcode. The shellcode is executed on the stack and writes the string "Owned by a cURL ;)" to the file /tmp/0wned.txt. It is rather easy to change this shellcode to a reverse shell exploit or any other. Extra care needs to be used, because in the process cURL can modify the received buffer. Below are the exploit code and its analysis.
<b class="bold">1</b> #!/usr/bin/perl <b class="bold">2</b> # Remote FreeBSD cURL exploit for versions 6.1 - 7.3 <b class="bold">3</b> # <b class="bold">4</b> # Written by the Authors of Buffer Overflows <b class="bold">5</b> # Additional detailed info can be found @ www.applicationdefense.com <b class="bold">6</b> # <b class="bold">7</b> # This exploit, which has been tested to work with...