Module 7: Buffer Overflows
With regard to buffer overflow attacks, which of the statements below is NOT true?
Buffer overflow vulnerabilities occur less frequently than other vulnerabilities
Which programming language is particularly susceptible to buffer overflows due to standard library functions used to copy or append strings that fail to perform boundary checks?
C
Which defense against buffer overflow attacks involves range checking of indices, a defense that guarantees 100% protection from buffer overflow attacks?
Compiler techniques
Which type of buffer overflow has been the most prominent software security bug?
Heap-based buffer overflows
Which type of buffer overflow can overwrite the return pointer of a function so that the flow of control switches to malicious code that has been pushed onto the stack as data?
Stack-based buffer overflows
Which of the following is a challenge that an attacker faces when trying to force a buffer overflow?
The attacker must determine the size of the buffer
What is the term used to describe contiguous blocks of memory used to store data?
buffer
A contiguous block of memory containing data that uses a last in, first out mechanism is referred to as what?
stack
A stack frame contains which of the following items?
the arguments to a function; the data required to restore the previous stack frame; its local variables
What two events take place when an item is pushed onto the stack?
the size of the item is subtracted from the stack pointer; all the bytes of the item are copied into the stack segment
