9 1

Questions and Answers

What is a common attack mechanism that exploits buffer overflow vulnerabilities?

• Denial of service
• Cross-site scripting
• Buffer overflow (correct)
• SQL injection

What is shellcode?

• Code used to overflow a buffer (correct)
• Code used to harden programs
• Code used to detect and abort attacks
• Code used to protect a system from attacks

What are the consequences of buffer overflow?

• Loss of internet connection
• None of the above
• Physical damage to the computer
• Corruption of program data, unexpected transfer of control, and memory access violations (correct)

What is the traditional purpose of shellcode?

To transfer control to a user command-line interpreter (B)

What are some prevention techniques for buffer overflow?

Prevention techniques exist (A)

What are some targets of stack overflow variants?

Trusted system utilities (B)

Which worms exploited buffer overflow vulnerabilities?

Morris Internet Worm and Sasser (D)

What are the two broad defense approaches against buffer overflows?

Compile-time and run-time defenses (B)

What is the aim of compile-time defenses?

To harden programs to resist attacks in new programs (C)

What happens when a process attempts to store data beyond the limits of a fixed-sized buffer?

Buffer overflow occurs (D)

What are some safe coding techniques?

Auditing the existing code base and using safe libraries (B)

How can vulnerable programs be identified?

Inspecting program source, tracing program execution, and using tools such as fuzzing (C)

What can language extensions and safe libraries do?

Replace unsafe standard library routines (D)

Which programming languages are vulnerable to buffer overflow?

C and related languages (B)

What are some common unsafe C standard library routines?

gets(), sprintf(), strcat(), and strcpy( (D)

What do stack protection mechanisms do?

Add function entry and exit code to check the stack for signs of corruption (A)

What is a stack buffer overflow?

When the buffer is located on the stack (D)

What is the aim of run-time defenses?

To detect and abort attacks in existing programs (C)

Are modern high-level languages vulnerable to buffer overflow?

Yes, but they have overhead and limits on use (C)

What can be done to achieve executable address space protection?

Blocking the execution of code on the heap (B)

Flashcards are hidden until you start studying

Study Notes

1. Buffer overflow is a common attack mechanism.
2. Prevention techniques exist, but it is still a major concern due to buggy code and careless programming practices.
3. The Morris Internet Worm, Code Red, Slammer, and Sasser worms all exploited buffer overflow vulnerabilities.
4. Buffer overflow occurs when a process attempts to store data beyond the limits of a fixed-sized buffer.
5. Consequences of buffer overflow include corruption of program data, unexpected transfer of control, and memory access violations.
6. Identifying vulnerable programs can be done through inspection of program source, tracing program execution, and using tools such as fuzzing.
7. Modern high-level languages are not vulnerable to buffer overflow, but have overhead and limits on use.
8. C and related languages are vulnerable to buffer overflow and have a large legacy of widely used, unsafe code.
9. Stack buffer overflows occur when the buffer is located on the stack.
10. Some common unsafe C standard library routines include gets(), sprintf(), strcat(), and strcpy().