Secure Software Design - Buffer Overflow

Question 1

What is a buffer overflow?

Answer 1

A vulnerability where excess data overwrites adjacent memory, potentially leading to unauthorized control of a program.

Question 2

Fill in the blank: Buffer overflow exploits often occur due to insufficient ______ for user input.

Answer 2

Memory allocation

Question 3

List the four primary memory segments in a program.

Answer 3

Text segment, Data segment, Heap, and Stack.

Question 4

Where are local variables typically stored in memory?

Answer 4

On the stack.

Question 5

What is the primary purpose of the text segment in memory?

Answer 5

To store executable instructions.

Question 6

Why is the stack segment vulnerable to buffer overflow attacks?

Answer 6

It holds function call data, including return addresses, which can be overwritten to hijack program control.

Question 7

Fill in the blank: In a function call, the ______ holds the previous function’s address to return to after execution.

Answer 7

Return address

Question 8

Explain how the function call stack can be exploited in a buffer overflow.

Answer 8

By overwriting the return address with a new one pointing to malicious code.

Question 9

What does a NOP sled accomplish in a buffer overflow attack?

Answer 9

It creates a buffer zone of no-operation instructions to ensure the shellcode is reached.

Question 10

Define ‘shellcode’ in the context of buffer overflow attacks.

Answer 10

Malicious code designed to execute a specific command or task when the program is hijacked.

Question 11

What is Return-Oriented Programming (ROP)?

Answer 11

An attack that uses existing code snippets (gadgets) in memory to perform malicious actions without injecting new code.

Question 12

Fill in the blank: Safer functions like ______ help mitigate buffer overflow risks by limiting the length of copied data.

Answer 12

strncpy, snprintf, strncat

Question 13

Why is Address Space Layout Randomization (ASLR) effective against buffer overflow?

Answer 13

It randomizes memory addresses, making it harder for attackers to predict critical locations.

Question 14

What is the role of non-executable stack (NX) protection?

Answer 14

To mark stack memory as non-executable, preventing the execution of injected code.

Question 15

Explain the purpose of a ‘stack canary.’

Answer 15

A small value placed between buffers and return addresses to detect memory corruption before a function returns.

Question 16

List two compiler-based countermeasures for buffer overflow.

Answer 16

StackGuard (stack canaries) and StackShield.

Question 17

What is ASLR’s main function in memory protection?

Answer 17

To randomize the layout of program memory, reducing predictability and exploitation opportunities.

Question 18

Fill in the blank: Stack canaries are used to detect ______ in buffer overflow attacks.

Answer 18

Memory corruption or overwriting

Question 19

Explain the concept of ‘return-to-libc’ attacks.

Answer 19

An attack that bypasses NX by redirecting execution to functions in libc (like system()) instead of injecting new code.

Question 20

What does StackGuard protect against?

Answer 20

Buffer overflows by inserting a canary value to check for corruption before returning from a function.

Question 21

Fill in the blank: The NX bit marks certain memory areas as ______ to prevent code execution in those areas.

Answer 21

Non-executable

Question 22

How can brute-force be used to bypass ASLR?

Answer 22

By repeatedly attempting the attack until the correct addresses are found, often via automated scripts.

Question 23

Why are functions like strcpy and sprintf considered unsafe?

Answer 23

They don’t check buffer limits, leading to potential overflows if input exceeds the buffer size.

Question 24

List one advantage of using languages like Java or Python against buffer overflow.

Answer 24

They have built-in bounds-checking, reducing overflow risks.

Question 25

What does the term ‘heap-based overflow’ refer to?

Answer 25

A buffer overflow occurring in the heap, typically with dynamically allocated memory.

Question 26

Explain the role of static analyzers in preventing buffer overflow.

Answer 26

They analyze code for patterns that could lead to overflow, alerting developers during early development stages.

Question 27

What is the function of the stack segment in memory?

Answer 27

To store function call data, including local variables, return addresses, and parameters.

Question 28

Fill in the blank: ASLR randomizes the memory layout, making it ______ for attackers to predict addresses for overflow exploitation.

Answer 28

Harder

Question 29

How does non-executable stack protection prevent buffer overflow exploits?

Answer 29

By preventing code execution in the stack segment, blocking direct execution of injected shellcode.

Question 30

Why is it recommended to use strncpy over strcpy?

Answer 30

strncpy limits the number of copied characters, helping to prevent buffer overflow.

Question 31

What does the heap segment in memory store?

Answer 31

Dynamically allocated memory created with malloc, new, or similar functions.

Question 32

How does StackShield help prevent buffer overflows?

Answer 32

It stores a backup of the return address in a safe location and checks it before returning from a function.