Question

I was watching a university lecture about buffer overflow, and the professor ended up saying

even if we were able to fill the buffer with exploit code and jump into that code, we still cannot execute it.

The reasons he mentioned are:

  1. Programmers avoid the use of functions that cause overflow.

  2. Randomized stack offsets: at the start of the program, allocate a random amount of space on the stack to make it difficult to predict the beginning of the inserted code.

  3. Use techniques to detect stack corruption.

  4. Non-executable code segments: only allow code to execute from "text" sections of memory.

Now I wonder, does the buffer overflow attack still exist nowadays? Or is it out of date?

A detailed answer will be very much appreciated!


Solution

  1. Not all of us. There's a bunch of new programmers every day. Does our collective knowledge that strcpy is bad get disseminated to them magically? I don't think so.

  2. Difficult, yes. Impossible, no. Any vulnerability that can be turned into an arbitrary read can defeat such protections trivially.

  3. Indeed we can detect stack corruption, under certain circumstances. Canaries, for instance, may be overwritten, their value is compiler dependent, and they might not protect against all kinds of stack corruption (e.g. GCC's -fstack-protector-strong protects against EIP overwrite, but not other kinds of overrun).

  4. W^X memory is a reality, but how many OSes have adopted it for the stack? That'd be an interesting little research project for your weekend. :) Additionally, if you look into return-oriented programming (ROP) techniques (return-to-libc is an application of it), you'll see it also can be bypassed.
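Points 1 and 3 of the answer can be seen side by side in a small model. The following C program is an added example, not code from the question, the answer or the lecture: it models a stack frame as a byte array holding a fixed buffer followed by a canary slot, copies attacker-length input into it either unchecked (the `strcpy` pattern the answer calls bad) or with an explicit bound, and then performs the same kind of epilogue check that GCC's `-fstack-protector-strong` inserts. The canary bytes, the `struct frame` layout and all function names are constructed for the demonstration; a real compiler-inserted canary is a random per-process value, not a constant.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN    16
#define CANARY_LEN 8
#define FRAME_LEN  (BUF_LEN + CANARY_LEN)

/* Constructed canary for the demo. A real stack canary is randomized at process
   start; the leading 0x00 mirrors the convention that stops string copies early. */
static const unsigned char CANARY[CANARY_LEN] =
    {0x00, 0x3a, 0xde, 0xad, 0xbe, 0xef, 0xc0, 0xde};

/* Model of a stack frame: local buffer at bytes [0, BUF_LEN), canary right after it.
   Using one array keeps every write in the demo inside a defined object. */
struct frame {
    unsigned char bytes[FRAME_LEN];
};

static void frame_init(struct frame *f)
{
    memset(f->bytes, 0, BUF_LEN);
    memcpy(f->bytes + BUF_LEN, CANARY, CANARY_LEN);
}

/* Unchecked copy: trusts the caller's length, like strcpy trusts the NUL.
   The clamp to FRAME_LEN only keeps the model well-defined; a real strcpy
   would keep writing past the frame into the saved return address. */
static void unchecked_copy(struct frame *f, const unsigned char *src, size_t n)
{
    if (n > FRAME_LEN)
        n = FRAME_LEN;
    memcpy(f->bytes, src, n);
}

/* Bounded copy: refuses input that does not fit and writes nothing. */
static int bounded_copy(struct frame *f, const unsigned char *src, size_t n)
{
    if (n > BUF_LEN)
        return -1;
    memcpy(f->bytes, src, n);
    return 0;
}

/* The epilogue check -fstack-protector-strong emits: compare the canary slot
   with the expected value before the function is allowed to return. */
static int canary_intact(const struct frame *f)
{
    return memcmp(f->bytes + BUF_LEN, CANARY, CANARY_LEN) == 0;
}

/* Feed n bytes of 'A' through the unchecked path; 1 if the canary survived. */
int unchecked_call(size_t n)
{
    unsigned char input[FRAME_LEN];
    struct frame f;
    memset(input, 'A', sizeof input);      /* constructed oversized input */
    frame_init(&f);
    unchecked_copy(&f, input, n);
    return canary_intact(&f);
}

/* Same input through the bounded path; 1 if accepted and the canary survived,
   0 if the copy was rejected (the canary is then untouched by construction). */
int bounded_call(size_t n)
{
    unsigned char input[FRAME_LEN];
    struct frame f;
    memset(input, 'A', sizeof input);
    frame_init(&f);
    if (bounded_copy(&f, input, n > FRAME_LEN ? FRAME_LEN : n) != 0)
        return 0;
    return canary_intact(&f);
}

int main(void)
{
    size_t sizes[] = {8, 16, 20};
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("input %2zu bytes: unchecked canary intact=%d, bounded accepted=%d\n",
               sizes[i], unchecked_call(sizes[i]), bounded_call(sizes[i]));
    return 0;
}
```

With 8 or 16 bytes both paths leave the canary alone; with 20 bytes the unchecked path clobbers it (which is exactly what a real canary check would abort on), while the bounded path rejects the input before anything is written. Compiling the unchecked pattern with `gcc -fstack-protector-strong` moves this check into the compiler-generated epilogue, which is the detection the answer's point 3 refers to; the answer's caveat still holds, since a canary only catches overruns that cross it.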

License: CC-BY-SA with attribution
Not affiliated with StackOverflow