What is a buffer overflow?

A buffer is a pre-allocated area of memory where you store your data while you're processing it. Basically it's just saying that the range from a certain memory address up to that address + x bytes is reserved for holding data. In C this is usually an array.

A buffer overflow happens when you write more data than fits into the buffer and so overwrite whatever lies in memory beyond address + x. You might have done this before, and you will have noticed that your program crashes. The problem is that somewhere beyond your buffer sits the return address (it points to the next instruction to execute once the function that filled the buffer returns), and if you overwrite it with random data your program will crash. However, if you manage to place machine code (raw bytes the CPU can execute directly) into memory and make the return address point to it, you can execute code of your choosing on that machine.

Now you might think that this is not really an issue if you are running the program locally, but imagine programs like SSH or FTP servers that are reachable over the internet, or a restricted environment where certain programs run with elevated privileges. If you were able to execute code within the context and privileges of that other program, you might be able to break out of your restrictions or take over a remote server.
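The layout the text describes, as an added illustration that is not part of the original post: a simulated frame holding a buffer, a guard value and a saved return address, an unchecked copy that writes past the buffer, and the bounds-checked copy that refuses the same input. The struct layout, names and constant values are constructed for the demo; the real stack layout is decided by the compiler and ABI.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Simulated stack frame (constructed for illustration only). */
struct frame {
    char     buf[16];    /* the pre-allocated buffer */
    uint64_t canary;     /* guard value, like a compiler stack protector */
    uint64_t saved_ret;  /* the saved return address that sits past the buffer */
};

#define CANARY_VALUE 0x0102030405060708ULL
#define RET_VALUE    0x00000000004011D6ULL  /* placeholder, not a real address */

static void frame_init(struct frame *f) {
    memset(f->buf, 0, sizeof f->buf);
    f->canary = CANARY_VALUE;
    f->saved_ret = RET_VALUE;
}

/* Unchecked copy: trusts the caller's length, as strcpy()/gets() would.
 * Writes through a byte pointer and clamps to the struct size so the demo
 * stays well defined; a real overflow can write past the frame entirely. */
static void unchecked_copy(struct frame *f, const unsigned char *in, size_t len) {
    if (len > sizeof *f) len = sizeof *f;
    memcpy((unsigned char *)f, in, len);
}

/* Bounds-checked copy: rejects input that does not fit instead of overflowing. */
static int checked_copy(struct frame *f, const unsigned char *in, size_t len) {
    if (len > sizeof f->buf) return -1;
    memcpy(f->buf, in, len);
    return 0;
}

/* Detection: a clobbered canary or return slot means the bytes past the buffer were written. */
static int frame_intact(const struct frame *f) {
    return f->canary == CANARY_VALUE && f->saved_ret == RET_VALUE;
}

/* Constructed 32-byte input: 16 fill the buffer, 8 land on the canary, 8 on saved_ret. */
static const unsigned char LONG_INPUT[32] = "AAAAAAAAAAAAAAAABBBBBBBBCCCCCCCC";

int main(void) {
    struct frame f;
    frame_init(&f);
    unchecked_copy(&f, LONG_INPUT, sizeof LONG_INPUT);
    printf("unchecked: intact=%d saved_ret=0x%016llx\n", frame_intact(&f), (unsigned long long)f.saved_ret);
    frame_init(&f);
    printf("checked: rc=%d intact=%d\n", checked_copy(&f, LONG_INPUT, sizeof LONG_INPUT), frame_intact(&f));
    return 0;
}
```

After the unchecked copy the saved return slot holds the last eight input bytes (0x4343434343434343), which is exactly the overwrite the text describes; the checked copy leaves the frame untouched.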

If you want to know more about assembly, buffer overflows and shellcode, I suggest buying the Shellcoder's Handbook. It's THE book to learn this stuff.