•A buffer is defined with a fixed length
•End user supplies the data to go into the buffer
•More data than the buffer has allocated is supplied
•Buffer is overflowed
•If we can overwrite certain portions of the running program’s memory space, we can
possibly control the program flow
•If we can control program flow, we can (possibly) execute our own code
•If the program is a network daemon we can remotely gain access
•If the program is SUID root, we can potentially elevate privileges
•If the program is a daemon running as root, we can potentially gain remote root privileges