Buffer Overflow Flashcards
One of the most common and widely used memory-corruption attack methods.
What is a buffer?
A. A permanent data storage
B. A memory segment for code execution
C. A temporary data storage area
D. A device driver interface
Answer: C
Explanation:
A buffer is a temporary storage region for data being transferred.
What causes a buffer overflow?
A. Too many threads
B. Excessive CPU usage
C. Writing more data than a buffer can hold
D. Lack of file descriptors
Answer: C
Explanation:
Buffer overflow happens when data exceeds the allocated memory space.
Which language is most prone to buffer overflow vulnerabilities?
A. Java
B. Python
C. C
D. Perl
Answer: C
Explanation:
C lacks built-in bounds checking mechanisms.
What is the most common type of buffer overflow attack?
A. Heap-based
B. Format string
C. Stack-based
D. Integer overflow
Answer: C
Explanation:
Stack-based overflows are more common and easier to exploit: local buffers sit next to the saved return address at a predictable offset, so one oversized copy reaches it.
Which segment holds dynamically allocated memory?
A. BSS
B. Data
C. Heap
D. Stack
Answer: C
Explanation:
Heap is for dynamic memory (e.g., malloc).
Which segment stores local variables inside functions?
A. Stack
B. Data
C. Heap
D. BSS
Answer: A
Explanation:
The stack holds each function's frame: local variables, saved registers, and the return address.
Which historical worm first exploited a buffer overflow?
A. SQL Slammer
B. Stagefright
C. Morris Worm
D. Code Red
Answer: C
Explanation:
The Morris Worm (1988) exploited a buffer overflow in the fingerd daemon, which read its input with gets().
Buffer overflow often leads to what kind of memory issues?
A. Memory swapping
B. Memory leaks
C. Memory access violations
D. Memory garbage collection
Answer: C
Explanation:
It can overwrite memory leading to crashes or code execution.
What is SEHOP designed to protect against?
A. Heap fragmentation
B. Pointer arithmetic
C. SEH overwrite via stack overflow
D. Format string attacks
Answer: C
Explanation:
Before dispatching an exception, SEHOP walks the chain of exception registration records on the stack and refuses to run any handler if the chain does not end at its expected final record, which is exactly what a handler pointer overwritten by a stack overflow breaks.
Which of the following is a runtime protection mechanism?
A. Firewall
B. IDS
C. ASLR
D. Encryption
Answer: C
Explanation:
Address Space Layout Randomization (ASLR) makes memory layout unpredictable.
Which type of attack overwrites the return pointer in the stack?
A. Format string attack
B. Stack-based overflow
C. Heap spraying
D. SQL injection
Answer: B
Explanation:
Overwriting the saved return address on the stack changes where execution continues when the function returns.
What function is unsafe due to lack of bounds checking?
A. fgets()
B. printf()
C. gets()
D. memcpy()
Answer: C
Explanation:
gets() reads input without limiting size, causing overflows.
Which language is less vulnerable to buffer overflows?
A. C
B. Java
C. C++
D. Assembly
Answer: B
Explanation:
Java has built-in bounds-checking and memory management.
What does DEP stand for in buffer overflow protection?
A. Dynamic Execution Protocol
B. Data Entry Prevention
C. Data Execution Prevention
D. Device Event Processing
Answer: C
Explanation:
DEP marks memory as non-executable to block code execution.
Which segment stores global variables initialized to zero?
A. Stack
B. Heap
C. BSS
D. Text
Answer: C
Explanation:
The BSS segment holds zero-initialized global/static variables.
Which of the following does ASLR protect against?
A. Timing attacks
B. Side-channel attacks
C. Predictable memory layouts
D. Network sniffing
Answer: C
Explanation:
ASLR randomizes memory layout to prevent accurate attack targeting.
Buffer overflow attacks typically result from:
A. Invalid port access
B. Poor memory management
C. Slow network access
D. Log file corruption
Answer: B
Explanation:
Inadequate memory checks or allocation causes overflows.
What enables an attacker to execute arbitrary code using buffer overflow?
A. Code injection
B. DOS attack
C. SQL injection
D. Cross-site scripting
Answer: A
Explanation:
Buffer overflows often allow attackers to inject and run code.
What happens if an attacker overwrites a function pointer?
A. The program halts
B. The pointer is freed
C. The attacker controls program flow
D. Nothing, it is ignored
Answer: C
Explanation:
Control flow is hijacked if function pointers are compromised.
The process of copying more data than the buffer can handle is called:
A. Memory leak
B. Buffer overrun
C. Data injection
D. Stack unwinding
Answer: B
Explanation:
Buffer overrun is a synonym for buffer overflow.
Which part of memory contains executable code of a program?
A. Heap
B. Stack
C. Text segment
D. Data segment
Answer: C
Explanation:
The text segment holds the executable machine instructions.
Which of these vulnerabilities may arise from incorrect format specifiers?
A. Heap overflow
B. Format string attack
C. Buffer underrun
D. Memory leak
Answer: B
Explanation:
Format string vulnerabilities exploit unchecked input in format functions.
The ‘memcpy()’ function is unsafe because:
A. It is slow
B. It works only in Windows
C. It lacks bounds checking
D. It encrypts memory
Answer: C
Explanation:
memcpy() copies exactly the number of bytes the caller requests and never checks whether the destination can hold them, so an attacker-influenced or miscomputed length overflows the destination.
Which is a valid way to prevent buffer overflows in code?
A. Ignoring user input
B. Using unsafe functions
C. Implementing bounds checks
D. Running programs without memory
Answer: C
Explanation:
Checking input size and using safe functions helps prevent overflows.
Which language has built-in buffer overflow protection?
A. Java
B. C
C. Assembly
D. C++
Answer: A
Explanation:
Java automatically manages memory and checks bounds.
Heap-based overflows are harder to exploit because:
A. Heap is read-only
B. Heap uses encryption
C. Heap layout is more complex and varies
D. Heap cannot overflow
Answer: C
Explanation:
Heap overflows are complex due to dynamic and less predictable layout.
Which OS-level feature marks memory regions non-executable?
A. ACL
B. ASLR
C. DEP
D. VPN
Answer: C
Explanation:
DEP prevents code execution in data-only memory areas.
Which kind of buffer overflow affects data structures like the SEH?
A. Heap-based overflow
B. Structured exception overwrite
C. Stack unwinding
D. Buffer underflow
Answer: B
Explanation:
On Windows, exception registration records (the SEH chain) are stored on the stack, so a stack-based overflow can overwrite a handler pointer and gain control when an exception is later raised; SafeSEH and SEHOP mitigate this.
Which attack uses excess input to overwrite adjacent memory?
A. Format string attack
B. Buffer overflow
C. Phishing
D. Race condition
Answer: B
Explanation:
Buffer overflow allows overwriting adjacent memory.
Why are interpreted languages safer against buffer overflows?
A. They use more RAM
B. They don’t allow function calls
C. They manage memory automatically
D. They are slower
Answer: C
Explanation:
Managed runtimes such as Python and Java check array bounds on every access and manage memory automatically, so an out-of-range write raises an exception instead of overwriting adjacent memory. The runtime itself and any native extensions are still written in C/C++ and can contain overflows.
Define buffer overflow.
Answer:
A buffer overflow occurs when more data is written to a buffer than it can hold, leading to adjacent memory being overwritten.
Explanation:
It’s a common programming error with severe security implications.
What is the main consequence of a buffer overflow?
Answer:
It can cause data corruption, crashes, or arbitrary code execution.
Explanation:
Overflow may overwrite function return addresses or data.
Differentiate between stack-based and heap-based buffer overflow.
Answer:
Stack-based overflows target the stack (e.g., return addresses), while heap-based overflows corrupt dynamically allocated memory.
Explanation:
Stack attacks are more common;
heap attacks are harder to exploit.
How does ASLR protect against buffer overflow attacks?
Answer:
It randomizes memory address spaces, making it difficult for attackers to predict memory locations.
Explanation:
This breaks assumptions attackers rely on for exploit success.
What is the function of the BSS segment?
Answer:
It stores uninitialized global and static variables.
Explanation:
The loader zero-fills the segment when the program starts, so these variables begin at zero without occupying space in the executable file.
Give an example of a vulnerable C function.
Answer:
gets() is a classic example because it lacks bounds checking.
Explanation:
It can overflow a buffer if user input exceeds its size.
What makes C/C++ vulnerable to buffer overflows?
Answer:
Lack of automatic bounds-checking and manual memory management.
Explanation:
Programmers must manage memory safely, which is error-prone.
Mention one historical buffer overflow attack.
Answer:
The Morris Worm in 1988.
Explanation:
It exploited a buffer overflow in fingerd.
How does DEP work?
Answer:
It marks certain memory regions as non-executable.
Explanation:
This prevents injected code from executing in those regions.
What is SEHOP and what does it protect?
Answer:
Structured Exception Handler Overwrite Protection prevents attackers from overwriting exception handlers using stack-based overflows.
Explanation:
It stops attacks that hijack SEH structures.
Why is buffer overflow still common despite being well-known?
Answer:
Code complexity, large legacy C/C++ codebases, and the difficulty of applying prevention techniques consistently on every code path.
Explanation:
Developers still make memory-related mistakes.
What kind of programs are most vulnerable to buffer overflows?
Answer:
Programs written in C/C++ that process external input.
Explanation:
Especially if they lack input validation and bounds checking.
Name one secure alternative to gets().
Answer:
fgets()
Explanation:
It allows you to specify the number of bytes to read.
Why are interpreted languages less prone to buffer overflow?
Answer:
They manage memory and perform automatic bounds-checking.
Explanation:
They abstract memory handling from the programmer.
What is the risk of overwriting the return address in a function?
Answer:
It can allow an attacker to redirect execution flow.
Explanation:
Control is transferred to potentially malicious code.
Give an example of a buffer overflow prevention technique at the coding level.
Answer:
Use of safer functions like strncpy() instead of strcpy().
Explanation:
These functions take an explicit size limit. Note that strncpy() does not NUL-terminate the destination when the source is at least as long as the limit, so the terminator must be written explicitly, or snprintf()/strlcpy() used instead.
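The strncpy() pitfall above, shown in code. This is an added example, not part of the original flashcards: FIELD_LEN, the poison byte and the sample strings are assumptions chosen for the demonstration, and copy_field() is one hardened replacement built on snprintf().

```c
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 8   /* assumed destination size for the demo */

/* Returns 1 if strncpy() left dst without a NUL terminator.
 * A sentinel byte after dst[] keeps the check itself within bounds. */
int strncpy_lost_terminator(const char *src) {
    struct { char dst[FIELD_LEN]; char sentinel; } s;
    memset(&s, 'X', sizeof s);            /* poison: a missing NUL stays visible */
    strncpy(s.dst, src, FIELD_LEN);       /* the call the card recommends */
    return memchr(s.dst, '\0', FIELD_LEN) == NULL;
}

/* Hardened copy: bounded and always terminated. Returns 1 if src was truncated.
 * snprintf() writes at most dst_size-1 characters plus the NUL and reports
 * the length it would have needed, which is how truncation is detected. */
int copy_field(char *dst, size_t dst_size, const char *src) {
    if (dst_size == 0) return 1;
    int n = snprintf(dst, dst_size, "%s", src);
    return n < 0 || (size_t)n >= dst_size;
}

/* Copies src into a FIELD_LEN buffer and compares the outcome with what the
 * caller expects (content and truncation flag). */
int copy_field_matches(const char *src, const char *expected, int expected_truncated) {
    char dst[FIELD_LEN];
    int truncated = copy_field(dst, sizeof dst, src);
    return truncated == expected_truncated && strcmp(dst, expected) == 0;
}

int main(void) {
    /* constructed inputs: exactly FIELD_LEN characters, and a short one */
    printf("strncpy(\"abcdefgh\") lost terminator: %d\n", strncpy_lost_terminator("abcdefgh"));
    printf("strncpy(\"abc\") lost terminator:      %d\n", strncpy_lost_terminator("abc"));
    printf("copy_field(\"abcdefgh\") truncated to \"abcdefg\": %d\n",
           copy_field_matches("abcdefgh", "abcdefg", 1));
    return 0;
}
```

An eight-character source into an eight-byte field leaves strncpy() with no room for the terminator; any later strlen() or printf("%s") on that field runs into whatever follows it. If strncpy() must be kept, write `strncpy(dst, src, n - 1); dst[n - 1] = '\0';`.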
What is a format string attack?
Answer:
An attack exploiting functions like printf where unchecked input is interpreted as format specifiers.
Explanation:
It can expose memory or crash programs.
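The format string problem from the two cards above, as an added example that is not part of the original page. The logging wrapper, its name and the sample input are assumptions; the wrapper is variadic so that, as in real log(fmt, ...) helpers, the compiler does not warn when a caller hands it user data as the format. The demo deliberately uses only "%%", which needs no argument, so the unsafe path stays well-defined; an attacker string such as "%x%x%n" would read and write through whatever the stack holds.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Vulnerable logging helper: the caller can pass user data as the format.
 * Variadic so the compiler cannot warn; mirrors real log(fmt, ...) wrappers. */
int log_line_unsafe(char *out, size_t out_size, const char *user, ...) {
    va_list ap;
    va_start(ap, user);
    int n = vsnprintf(out, out_size, user, ap);   /* user string IS the format */
    va_end(ap);
    return n;
}

/* Hardened: user data is only ever an argument to a fixed format string. */
int log_line_safe(char *out, size_t out_size, const char *user) {
    return snprintf(out, out_size, "%s", user);
}

/* Input check for places where the format cannot be fixed: flags any '%'
 * that is not the literal escape "%%". */
int has_format_directive(const char *s) {
    for (const char *p = s; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }   /* "%%" is a literal percent */
        return 1;
    }
    return 0;
}

/* Returns 1 if the unsafe path interpreted the input as a format (collapsing
 * "%%" to "%") while the safe path preserved it byte for byte. */
int demo_percent_collapses(void) {
    static const char input[] = "100%% done";    /* constructed user input */
    char a[64], b[64];
    log_line_unsafe(a, sizeof a, input);
    log_line_safe(b, sizeof b, input);
    return strcmp(a, "100% done") == 0 && strcmp(b, input) == 0;
}

int main(void) {
    char buf[64];
    log_line_unsafe(buf, sizeof buf, "100%% done");
    printf("unsafe: %s\n", buf);     /* 100% done  (format was interpreted) */
    log_line_safe(buf, sizeof buf, "100%% done");
    printf("safe:   %s\n", buf);     /* 100%% done (copied verbatim) */
    printf("\"%%x%%x%%n\" contains a directive: %d\n", has_format_directive("%x%x%n"));
    return 0;
}
```

The collapsed "%%" is the tell: the same parsing that turned it into "%" would, for "%x", pull a word off the stack, and for "%n", write to an address taken from it. Fixing the format string is the real defence; has_format_directive() is only a backstop for code that cannot be changed.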
How can input validation prevent buffer overflows?
Answer:
By ensuring data does not exceed expected sizes before processing.
Explanation:
It helps maintain buffer boundaries.
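What checking "data does not exceed expected sizes before processing" looks like for a length-prefixed binary record, as an added example that is not part of the original page. The record format (one length byte followed by that many payload bytes), FIELD_MAX and the sample records are assumptions constructed for the demo. The unsafe parser is shown for contrast and is only ever run on the well-formed record; running it on the malformed one is the overflow.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 16   /* assumed destination size */

/* Vulnerable parser: trusts the length byte for both the read from msg and
 * the write into out, so a record claiming 200 bytes overflows both. */
size_t parse_record_unsafe(const uint8_t *msg, char *out) {
    size_t len = msg[0];
    memcpy(out, msg + 1, len);           /* neither msg_len nor FIELD_MAX consulted */
    return len;
}

/* Hardened parser: returns the payload length, or 0 for a malformed record.
 * The length is validated against the bytes actually received and against
 * the destination (leaving room for the terminator) before any copy. */
size_t parse_record_safe(const uint8_t *msg, size_t msg_len,
                         char *out, size_t out_size) {
    if (msg_len < 1 || out_size < 1) return 0;
    size_t len = msg[0];
    if (len > msg_len - 1) return 0;     /* claims more payload than was received */
    if (len > out_size - 1) return 0;    /* would not fit with the terminator */
    memcpy(out, msg + 1, len);
    out[len] = '\0';
    return len;
}

/* Constructed sample records. */
static const uint8_t good_msg[]  = { 5, 'h', 'e', 'l', 'l', 'o' };   /* well formed */
static const uint8_t short_msg[] = { 200, 'A', 'B', 'C' };           /* length exceeds input */
static const uint8_t big_msg[]   = { 20, 'A','A','A','A','A','A','A','A','A','A',
                                         'A','A','A','A','A','A','A','A','A','A' }; /* fits input, not FIELD_MAX */

size_t demo_unsafe_good(void) { char out[FIELD_MAX]; return parse_record_unsafe(good_msg, out); }
size_t demo_safe_good(void)   { char out[FIELD_MAX]; return parse_record_safe(good_msg, sizeof good_msg, out, sizeof out); }
size_t demo_safe_short(void)  { char out[FIELD_MAX]; return parse_record_safe(short_msg, sizeof short_msg, out, sizeof out); }
size_t demo_safe_big(void)    { char out[FIELD_MAX]; return parse_record_safe(big_msg, sizeof big_msg, out, sizeof out); }

int main(void) {
    printf("safe, well-formed record:      %zu bytes\n", demo_safe_good());   /* 5 */
    printf("safe, length beyond input:     %zu bytes\n", demo_safe_short());  /* 0 */
    printf("safe, length beyond FIELD_MAX: %zu bytes\n", demo_safe_big());    /* 0 */
    return 0;
}
```

Two comparisons are needed, not one: the length must be within what was received (or the copy reads past the input, an over-read) and within the destination (or it writes past the buffer). Both are done with size_t and subtraction only after the "at least one byte" checks, so they cannot wrap.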
What is the role of the stack in a buffer overflow?
Answer:
It holds local variables and return addresses which can be overwritten in stack-based overflows.
Explanation:
Overwriting return addresses redirects execution.
What does a typical buffer overflow attack try to achieve?
Answer:
Gain control of a system or execute arbitrary code.
Explanation:
It compromises the integrity and control flow of a program.
Explain the working of a buffer overflow attack with an example.
Answer Outline:
- Definition of buffer overflow
- Example in C using gets()
- Overwriting return address
- Attacker injects shellcode
- Redirects program control
Example: Morris worm or crafted stack overflow
Prevention: input validation, safe functions
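The working of the overflow in the outline above, reduced to runnable C. This is an added example, not code from the original page: a login record is simulated as one heap block with a 16-byte name field followed directly by an is_admin flag (the layout, sizes and input lines are assumptions), a gets()-style reader with no bound is compared with an fgets()-based one, and fmemopen() stands in for stdin. The block is sized so the demo stays inside memory it owns; a real gets() has no such limit and the same mechanism applied to a saved return address or function pointer hijacks control flow rather than a flag.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_LEN  16   /* assumed size of the name field */
#define FRAME_LEN 32   /* name[16], then is_admin (4 bytes), then slack */

/* Read a line with no bound, the way gets() does: stops only at newline/EOF. */
static void read_line_unbounded(char *dst, FILE *in) {
    int c;
    while ((c = fgetc(in)) != EOF && c != '\n') *dst++ = (char)c;
    *dst = '\0';
}

/* Read a line with fgets(), never writing more than dst_size bytes.
 * Returns 1 if the line was longer than fit; the remainder is drained so it
 * cannot be misread as the next input. */
static int read_line_bounded(char *dst, size_t dst_size, FILE *in) {
    if (!fgets(dst, (int)dst_size, in)) { dst[0] = '\0'; return 0; }
    char *nl = strchr(dst, '\n');
    if (nl) { *nl = '\0'; return 0; }
    int c, truncated = 0;
    while ((c = fgetc(in)) != EOF && c != '\n') truncated = 1;
    return truncated;
}

/* is_admin lives right after name[] in the frame, so bytes past name[15]
 * land on it. It is read back with memcpy to avoid alignment assumptions. */
static int32_t frame_is_admin(const unsigned char *frame) {
    int32_t v;
    memcpy(&v, frame + NAME_LEN, sizeof v);
    return v;
}

/* Runs one of the two readers over a constructed input line and returns the
 * value of is_admin afterwards (0 means it was not touched). */
static int32_t run_login(const char *line, int use_bounded) {
    unsigned char *frame = calloc(FRAME_LEN, 1);            /* is_admin starts at 0 */
    FILE *in = fmemopen((void *)line, strlen(line), "r");   /* simulated stdin */
    if (!frame || !in) abort();
    char *name = (char *)frame;                              /* name[] is the first field */
    if (use_bounded) read_line_bounded(name, NAME_LEN, in);
    else             read_line_unbounded(name, in);
    int32_t admin = frame_is_admin(frame);
    fclose(in);
    free(frame);
    return admin;
}

int32_t is_admin_after_unbounded(const char *line) { return run_login(line, 0); }
int32_t is_admin_after_bounded(const char *line)   { return run_login(line, 1); }

int main(void) {
    const char *attack = "AAAAAAAAAAAAAAAAAAAA\n";   /* 20 'A's: 4 more than name[] holds */
    printf("unbounded read: is_admin = 0x%08x\n", (unsigned)is_admin_after_unbounded(attack));
    printf("bounded read:   is_admin = 0x%08x\n", (unsigned)is_admin_after_bounded(attack));
    return 0;
}
```

With the unbounded reader the 17th to 20th bytes of input become the flag's value (0x41414141, "AAAA"), which is how an overflow turns a string into a privilege; the bounded reader stops at 15 characters and the flag stays 0.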
Compare and contrast stack-based and heap-based buffer overflows.
Answer Outline:
- Stack-based: targets return addresses on the stack
- Heap-based: affects dynamically allocated memory
- Stack attacks: easier to execute, more common
- Heap attack: harder, requires detailed knowledge of memory layout
Both allow arbitrary code execution
Discuss the causes of buffer overflow vulnerabilities.
Answer Outline:
- Poor memory management
- Lack of input validation
- Use of unsafe functions (gets(), strcpy(), etc.)
- Assumptions about input size
- Complex code structures
- External input dependency
What are the consequences of a buffer overflow attack on a system?
Answer Outline:
- System crash
- Unauthorized code execution
- Loss of access control
- Data leakage
- Privilege escalation
- Launching other attacks (e.g., malware)
Describe at least three mitigation techniques for buffer overflows.
Answer Outline:
- Address Space Layout Randomization (ASLR)
- Data Execution Prevention (DEP)
- Structured Exception Handler Overwrite Protection (SEHOP)
- Code auditing and secure programming practices
- Safe programming languages (Java, Python)
- Compiler-level protections (stack canaries, e.g., StackGuard, GCC/Clang -fstack-protector)
Explain the role of memory segments in buffer overflows.
Answer Outline:
- Overview of memory layout: Text, Data, BSS, Heap, Stack
- Buffer overflows usually affect the Stack and Heap
- Stack: return address manipulation
- Heap: object overwrite, pointer redirection
Why are C and C++ more vulnerable to buffer overflows than languages like Java or Python?
Answer Outline:
- Manual memory management
- No built-in bounds checking
- Direct access to pointers and memory
- Java/Python: abstract memory access, automatic bounds checking
- Example comparisons between strcpy() and String class usage
Analyze the impact of buffer overflow vulnerabilities in modern software applications.
Answer Outline:
- Used in malware, worms (e.g., Code Red, SQL Slammer)
- Exploits in browsers, PDF readers, OS components
- Often lead to full system compromise
- Affect public trust and data security
- Example: Adobe Acrobat Reader CVE-2021-21017
- Costly patches and downtime
Evaluate the effectiveness of runtime protections such as ASLR and DEP.
Answer Outline:
- ASLR: randomizes memory layout, deters predictable exploitation
- DEP: marks memory regions non-executable
- Together: significantly raise the bar for successful exploits
- Limitations: information leaks reveal addresses and defeat ASLR; return-oriented programming reuses existing executable code to get around DEP
- Example of a hardened vs. vulnerable system
Propose a secure software development lifecycle (SDLC) plan to minimize buffer overflow risks.
Answer Outline:
- Secure coding practices from design to deployment
- Input validation and bounds checking
- Use of memory-safe libraries and languages
- Regular code audits and static analysis
- Runtime protections and patching strategy
- Developer training and secure testing phases