978-0840020932 Chapter 12

Authors: Alfred Basta, Nadine Basta, PhD CISSP CISA Mary Brown

Chapter 12: Buffer Overflows
TRUE/FALSE
1. Buffer overflow is a condition common to structured programming languages such as the “C” language.
2. Functions use variables to store values that may be stored temporarily or permanently.
3. Buffer overflows are always intentional attacks.
4. A stack cannot store details regarding the function that called the currently executing function.
5. A heap provides a permanent memory space unlike the temporary memory space that is provided by a stack.
MULTIPLE CHOICE
1. The “____” language was used to write utilities and operating systems, including UNIX and Windows.
a. C
b. Java
c. Basic
d. Fortran
2. When a user requests to execute a “C” program file, the primary function referred to is the ____ function.
a. start
b. open
c. load
d. main
3. The ____ bug targets the variables that are used by functions to store values.
a. overload
b. buffer overflow
c. flood
d. DoS
4. To circumvent stack buffer overflows, programmers create applications that do not allow extra characters to be accepted by a variable making the traditional buffer overflow method problematic. This check can be bypassed by using the ____ method.
a. character hashing
b. nybble-to-byte compression
c. character-set decoding
d. set encryption
5. The ____ function is a secure replacement for the gets() function.
a. strncat()
b. snprintf()
c. strncpy()
d. fgets()
COMPLETION
1. ____________________ happens when input applied to a variable is larger than the memory allotted to that variable.
2. ____________________ has a goal of overloading the memory space provided to the variable. This might either allow the attacker to crash the computer or break into it.
3. On some specific operating systems, the kernel can be patched in such a way that running processes are not affected by buffer overflow conditions. This patch is called ______________________________.
4. Buffer overflows can be divided into two categories: _________________________ and heap overflow.
5. A(n) ____________________ is known as the corruption of the instruction pointer, which points to the memory area where the function to be executed is stored.
SHORT ANSWER
1. How can buffer overflows be avoided?
2. Why do programs need a memory stack area?
3. What are the steps involved in a buffer overflow exploit?
4. What are some of the C functions susceptible to buffer overflow?
5. Describe the nybble-to-byte compression method.