P1L2

Question 1

buffer overload (stack overflow, memory overflow)

Answer 1

­ inserting extra instructions into a command to force an overflow that inserts calls to malware

Question 2

stacks are used

Answer 2

• in function/procedure calls

- allocation of memory for: local variables, parameters­control information (return address)

Question 3

Vulnerability of the password checking

Answer 3

• Passwords do not keep copy of your password
• allowing the user to insert a longer password, which bypasses the check procedure (does not check the password length to prevent overflow)
• Any password of length greater than 12 bytes that ends in ‘123’
• ­Any password of length greater than 16 bytes that begins with ‘MyPwd123’

Question 4

Stack

Answer 4

• shrinks and grows with the pushing and popping of data on and off the stack
• grows from high to low addresses

Question 5

shellcode

Answer 5

• a shell that executes any code the attacker wants
• must be in machine code so that can be inserted directly into memory
• must have a legitimate return address

Question 6

attacker code’s privileges

Answer 6

same as YOU!

• ­the host program’s
• ­system service or OS root privileges ­, if the program is a system service

Question 7

NVD stands for

Answer 7

national vulnerability database

Question 8

CVE stands for

Answer 8

common vulnerability and Exposure

Question 9

How many vulnerabilities in our system in:

a. NVD
b. 3 months
c. 3 years

Answer 9

a. 70000
b. ~100
c. 1000+

Question 10

return-to-libc

Answer 10

the return address is overwritten to point to a function in a library. The function can then be executed with parameters of the attacker’s choice

Question 11

Heap Overflows

Answer 11

• The heap does not store return addresses
• Data can be tables of function pointers. So the attacker can modify a function pointer to point to malware. This is more sophisticated than buffer overflow.

Question 12

OpenSSL Heartbleed Vulnerability

Answer 12

• e the attacker asks for more data than usual. This may expose sensitive data

Question 13

defense against overflow

Answer 13

• language choice
• check all inputs (all input is evil)
• use functions that (are safer,) do bound checking
• use automatic tools to analyze vulnerability

Question 14

language choice to prevent overflow

Answer 14

• ­should be strongly typed
  ­- should do automatic bounds checks
• ­should do automatic memory management
  ex: java, C++, OOP, strongly typed languages.
  buffer overflow is impossible due to runtime system check

Question 15

a drawback of a secure language

Answer 15

possible performance degradation

Question 16

Stack canaries

Answer 16

a canary values is written into the stack frame, just before the return address. IF the canary value is modified, then there is a good possibility the return address has been changed. Thus an overflow is detected

Question 17

Address Space Layout Randomization (ASLR)

Answer 17

• randomizes the stack, heap, libc

- can be used with Non­executable Stack. This requires hardware support