• A buffer is defined with a fixed length
• End user supplies the data to go into the buffer
• More data than the buffer has allocated is supplied
• Buffer is overflowed
• If we can overwrite certain portions of the running program’s memory space, we can possibly control the program flow
• If we can control program flow, we can (possibly) execute our own code
• If the program is a network daemon we can remotely gain access
• If the program is SUID root, we can potentially elevate privileges
• If the program is a daemon running as root, we can potentially gain remote root privileges
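
The first four points above, shown as an added C example that is not part of the original slides: a copy whose length is set by the supplied data, beside a version that checks the input against the buffer's fixed length first. `struct request`, `BUF_LEN` and both function names are hypothetical, and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16 /* fixed buffer length; value assumed for this example */

/* Hypothetical record: a fixed-length buffer followed by a field the
 * program later trusts. */
struct request {
    char name[BUF_LEN];
    int  is_admin;
};

/* Unsafe pattern: the amount copied is set by the supplied data, not by
 * the destination. BUF_LEN or more input bytes are written past name[]. */
void set_name_unchecked(struct request *r, const char *input)
{
    strcpy(r->name, input);
}

/* Checked form: look for the terminator within BUF_LEN bytes and refuse
 * input that does not fit. Returns 0 on success, -1 on rejection. */
int set_name_checked(struct request *r, const char *input)
{
    const char *end = memchr(input, '\0', BUF_LEN);
    if (end == NULL)
        return -1;            /* too long: r is left untouched */
    memcpy(r->name, input, (size_t)(end - input) + 1);
    return 0;
}

int main(void)
{
    struct request r = { "", 0 };
    /* Constructed sample inputs. */
    const char *ok = "alice";
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAA"; /* 24 bytes */

    printf("short input: %d\n", set_name_checked(&r, ok));
    printf("long input:  %d\n", set_name_checked(&r, too_long));
    printf("name=%s is_admin=%d\n", r.name, r.is_admin);
    return 0;
}
```

Rejecting oversized input, rather than silently truncating it, keeps the adjacent `is_admin` field and everything else beyond `name[]` out of reach of the supplied data.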