Ch. 10 - Buffer Overflow
A stack buffer overflow attack is also referred to as ______. A)stack smashing B)stack framing C)buffer overrunning D)heap overflowing
A. Stack smashing
A runtime technique that can be used is to place ________ between critical regions of memory in a processes address space. A)guard pages B)library functions C)shellcodes D)MMUs
A.) Guard pages
The _________ aims to provide useful information to people who perform penetration testing,IDS signature development,and exploit research. A)Metasploit Project B)Manhattan Project C)Levy Project D)RAD Project
A.) Metasploit Project
The x86 Assembly Language Instruction NOP means _______. A)no operation or do nothing instruction B)call function at addr C)software interrupt to access operating system function D)no push value onto the stack
A.) no operation or do nothing instruction
In 1996 ________ published "Smashing the Stack for Fun and Profit" in Phrack magazine,giving a step-by-step introduction to exploiting stack-based buffer overflow vulnerabilities.
Aleph One
A ______ is a structure where data are usually saved on the stack. A)guard page B)stack frame C)heap D)NOP sled Multiple Choice
B. Stack frame
Memory is requested from the ______ by programs for use in dynamic data structures,such as linked lists of records. A)shell B)heap C)address space D)ROM
B.) Heap
Randomizing the allocation of memory on the heap makes the possibility of predicting the address of targeted buffers extremely difficult,thus thwarting the successful execution of some __________ attacks. A)vulnerability B)heap overflow C)MMU D)stack overflow
B.) Heap overflow
The first widely used occurrence of the buffer overflow attack was the _______. A)Code Red Worm B)Morris Internet Worm C)Sasser Worm D)Slammer Worm Multiple Choice
B: Morris Internet Worm
A _______ can occur as a result of a programming error when a process attempts to store data beyond the limits of a fixed-size buffer. A)shellcode B)program overflow C)buffer overflow D)library function Multiple Choice
C. Buffer overflow
_________ aim to prevent or detect buffer overflows by instrumenting programs when they are compiled. A)Stack buffers B)Guard pages C)Compile-time defenses D)Library functions
C.) Compile-time defenses
In 2004 the ________ exploited a buffer overflow in Microsoft Windows 2000/XP Local Security Authority Subsystem Service. A)Morris Internet Worm B)Code Red Worm C)Sasser Worm D)Slammer Worm
C.) Sasser Worm
________ involve buffers located in the program's global (or static)data area. A)Heap overflows B)Stack buffer overflows C)Position overflows D)Global Data Area Overflows
D.) Global Data Area Overflows
The _______ exploited a buffer overflow in Microsoft SQL Server 2000. A)Morris Internet Worm B)Code Red Worm C)Sasser Worm D)Slammer Worm
D.) Slammer Worm
An essential component of many buffer overflow attacks is the transfer of execution to code,known as _______,supplied by the attacker and often saved in the buffer being overflowed. A)NOP code B)stack code C)heap code D)shellcode
D.) shellcode
Shellcode is not specific to a particular processor architecture.
F
The JAVA programming language is extremely vulnerable to buffer overflows.
F
The attacker is able to precisely specify the starting address of the instructions in the shellcode.
F
The buffer overflow type of attack is one of the least commonly seen attacks.
F
The only consequence of a buffer overflow attack is the possible corruption of data used by the program.
F
_______ can be placed between stack frames or between different allocations on the heap to provide further protection against stack and heap overflow attacks,but at cost in execution time supporting the large number of page mappings necessary.
Guard pages
________ attacks can occur in a binary buffer copy when the programmer has included code to check the number of bytes being transferred,but due to a coding error,allows just one more byte to be copied than there is space available.
Off-by-one
The _________ project produces a free,multiplatform 4.4BSD-based UNIX-like operating system.
OpenBSD
Stackshield,Return Address Defender and ________ are GCC compiler extensions that insert additional function entry and exit code.
Stackguard
A stack overflow can result in some form of denial-of-service attack on a system.
T
A successful buffer overflow attack results in the loss of the function or service the attacked program provided.
T
An effective method for protecting programs against classic stack overflow attacks is to instrument the function entry and exit code to setup and then check its sack frame for any evidence of corruption.
T
Buffer overflow attacks result from careless programming in applications.
T
Buffer overflows can be found in a wide variety of programs.
T
C's designers placed much more emphasis on space efficiency and performance considerations than on type safety.
T
Several of the items in the CWE/SANS Top 25 Most Dangerous Software Errors list, Risky Resource Management category,are buffer overflow variants.
T
The possibility of overwriting the saved frame pointer and return address forms the core of a stack overflow attack.
T
The responsibility is placed on the assembly language programmer to ensure that the correct interpretation is placed on any saved data value.
T
To exploit any type of buffer overflow the attacker needs to understand how that buffer will be stored in the processes memory.
T
_______ was one of the earliest operating systems written in a high-level language.
UNIX
A ________ is a condition where more input is placed into a buffer or data holding area than the capacity allocated and thus overwrites other information.
buffer overflow
A _________ can occur as a result of a programming error when a process attempts to store data beyond the limits of a fixed-sized buffer and consequently overwrites adjacent memory locations.
buffer overflow
______ defenses involve changes to the memory management of the virtual address space of processes that act to either alter the properties of regions of memory or to make predicting the location of target buffers sufficiently difficult to thwart many types of attacks. A)Buffer B)Position independent C)Run-time D)Compile-time
c.) Run-time
______ defenses aim to harden programs to resist attacks in new programs.
compile-time
At the basic machine level,all of the data manipulated by machine instructions executed by the computer processor are stored in either the processor's registers or in ________.
memory
One of the restrictions on the content of shellcode is that it has to be _______,which means that it cannot contain any absolute address referring to itself.
position independent
_______ defenses aim to detect and abort attacking existing programs.
run-time
The function of the _______ was to transfer control to a user command line interpreter that gave access to any program available on the system with the privileges of the attacked program.
shellcode
The attacker can specify the return address used to enter code as a location somewhere in the run of NOPs,which is called a NOP ______.
sled
A _______ overflow occurs when the targeted buffer is located on the stack,usually as a local variable in a function's stack frame.
stack buffer
