Secure Software Design - Buffer Overflow Flashcards

1
Q

What is a buffer overflow?

A

A vulnerability where excess data overwrites adjacent memory, potentially leading to unauthorized control of a program.

2
Q

Fill in the blank: Buffer overflow exploits often occur due to insufficient ______ for user input.

A

Memory allocation

3
Q

List the four primary memory segments in a program.

A

Text segment, Data segment, Heap, and Stack.

4
Q

Where are local variables typically stored in memory?

A

On the stack.

5
Q

What is the primary purpose of the text segment in memory?

A

To store executable instructions.

6
Q

Why is the stack segment vulnerable to buffer overflow attacks?

A

It holds function call data, including return addresses, which can be overwritten to hijack program control.

7
Q

Fill in the blank: In a function call, the ______ holds the previous function’s address to return to after execution.

A

Return address

8
Q

Explain how the function call stack can be exploited in a buffer overflow.

A

By overwriting the return address with a new one pointing to malicious code.

9
Q

What does a NOP sled accomplish in a buffer overflow attack?

A

It creates a buffer zone of no-operation instructions to ensure the shellcode is reached.

10
Q

Define ‘shellcode’ in the context of buffer overflow attacks.

A

Malicious code designed to execute a specific command or task when the program is hijacked.

11
Q

What is Return-Oriented Programming (ROP)?

A

An attack that uses existing code snippets (gadgets) in memory to perform malicious actions without injecting new code.

12
Q

Fill in the blank: Safer functions like ______ help mitigate buffer overflow risks by limiting the length of copied data.

A

strncpy, snprintf, strncat

13
Q

Why is Address Space Layout Randomization (ASLR) effective against buffer overflow?

A

It randomizes memory addresses, making it harder for attackers to predict critical locations.

14
Q

What is the role of non-executable stack (NX) protection?

A

To mark stack memory as non-executable, preventing the execution of injected code.

15
Q

Explain the purpose of a ‘stack canary.’

A

A small value placed between buffers and return addresses to detect memory corruption before a function returns.

16
Q

List two compiler-based countermeasures for buffer overflow.

A

StackGuard (stack canaries) and StackShield.

17
Q

What is ASLR’s main function in memory protection?

A

To randomize the layout of program memory, reducing predictability and exploitation opportunities.

18
Q

Fill in the blank: Stack canaries are used to detect ______ in buffer overflow attacks.

A

Memory corruption or overwriting

19
Q

Explain the concept of ‘return-to-libc’ attacks.

A

An attack that bypasses NX by redirecting execution to functions in libc (like system()) instead of injecting new code.

20
Q

What does StackGuard protect against?

A

Buffer overflows by inserting a canary value to check for corruption before returning from a function.

21
Q

Fill in the blank: The NX bit marks certain memory areas as ______ to prevent code execution in those areas.

A

Non-executable

22
Q

How can brute-force be used to bypass ASLR?

A

By repeatedly attempting the attack until the correct addresses are found, often via automated scripts.

23
Q

Why are functions like strcpy and sprintf considered unsafe?

A

They don’t check buffer limits, leading to potential overflows if input exceeds the buffer size.

24
Q

List one advantage of using languages like Java or Python against buffer overflow.

A

They have built-in bounds-checking, reducing overflow risks.

25
Q

What does the term ‘heap-based overflow’ refer to?

A

A buffer overflow occurring in the heap, typically with dynamically allocated memory.

26
Q

Explain the role of static analyzers in preventing buffer overflow.

A

They analyze code for patterns that could lead to overflow, alerting developers during early development stages.

27
Q

What is the function of the stack segment in memory?

A

To store function call data, including local variables, return addresses, and parameters.

28
Q

Fill in the blank: ASLR randomizes the memory layout, making it ______ for attackers to predict addresses for overflow exploitation.

A

Harder

29
Q

How does non-executable stack protection prevent buffer overflow exploits?

A

By preventing code execution in the stack segment, blocking direct execution of injected shellcode.

30
Q

Why is it recommended to use strncpy over strcpy?

A

strncpy limits the number of copied characters, helping to prevent buffer overflow.

31
Q

What does the heap segment in memory store?

A

Dynamically allocated memory created with malloc, new, or similar functions.

32
Q

How does StackShield help prevent buffer overflows?

A

It stores a backup of the return address in a safe location and checks it before returning from a function.