P1L2 Flashcards

1
Q

buffer overload (stack overflow, memory overflow)

A

inserting extra instructions into a command to force an overflow that inserts calls to malware

2
Q

stacks are used

A
  • in function/procedure calls

- allocation of memory for: local variables, parameters, control information (return address)

3
Q

Vulnerability of the password checking

A
  • Passwords do not keep a copy of your password
  • allowing the user to insert a longer password, which bypasses the check procedure (does not check the password length to prevent overflow)
  • Any password of length greater than 12 bytes that ends in ‘123’
  • Any password of length greater than 16 bytes that begins with ‘MyPwd123’
4
Q

Stack

A
  • shrinks and grows with the pushing and popping of data on and off the stack
  • grows from high to low addresses
5
Q

shellcode

A
  • a shell that executes any code the attacker wants
  • must be in machine code so that it can be inserted directly into memory
  • must have a legitimate return address
6
Q

attacker code’s privileges

A

same as YOU!

  • the host program’s
  • system service or OS root privileges, if the program is a system service
7
Q

NVD stands for

A

National Vulnerability Database

8
Q

CVE stands for

A

Common Vulnerabilities and Exposures

9
Q

How many vulnerabilities in our system in:

a. NVD
b. 3 months
c. 3 years

A

a. 70000
b. ~100
c. 1000+

10
Q

return-to-libc

A

the return address is overwritten to point to a function in a library. The function can then be executed with parameters of the attacker’s choice

11
Q

Heap Overflows

A
  • The heap does not store return addresses
  • Data can be tables of function pointers. So the attacker can modify a function pointer to point to malware. This is more sophisticated than buffer overflow.
12
Q

OpenSSL Heartbleed Vulnerability

A
  • the attacker asks for more data than usual. This may expose sensitive data
13
Q

defense against overflow

A
  • language choice
  • check all inputs (all input is evil)
  • use functions that (are safer,) do bound checking
  • use automatic tools to analyze vulnerability
14
Q

language choice to prevent overflow

A
  • should be strongly typed
    - should do automatic bounds checks
  • should do automatic memory management
    ex: Java, C++, OOP, strongly typed languages.
    buffer overflow is impossible due to runtime system check
15
Q

a drawback of a secure language

A

possible performance degradation

16
Q

Stack canaries

A

a canary value is written into the stack frame, just before the return address. If the canary value is modified, then there is a good possibility the return address has been changed. Thus an overflow is detected

17
Q

Address Space Layout Randomization (ASLR)

A
  • randomizes the stack, heap, libc

- can be used with Non-executable Stack. This requires hardware support