Deck 10: Buffer Overflow

The buffer overflow type of attack is one of the least commonly seen
attacks.

Several of the items in the CWE/SANS Top 25 Most Dangerous
Software Errors list,Risky Resource Management category,are buffer
overflow variants.

The attacker is able to precisely specify the starting address of the
instructions in the shellcode.

Shellcode is not specific to a particular processor architecture.

A stack overflow can result in some form of denial-of-service attack on
a system.

C's designers placed much more emphasis on space efficiency and
performance considerations than on type safety.

The JAVA programming language is extremely vulnerable to buffer
overflows.

Buffer overflows can be found in a wide variety of programs.

A successful buffer overflow attack results in the loss of the function
or service the attacked program provided.

The only consequence of a buffer overflow attack is the possible
corruption of data used by the program.

The possibility of overwriting the saved frame pointer and return
address forms the core of a stack overflow attack.

To exploit any type of buffer overflow the attacker needs to understand
how that buffer will be stored in the processes memory.

The responsibility is placed on the assembly language programmer to
ensure that the correct interpretation is placed on any saved data value.

An effective method for protecting programs against classic stack
overflow attacks is to instrument the function entry and exit code to
setup and then check its sack frame for any evidence of corruption.

_______ defenses aim to detect and abort attacking existing programs.

One of the restrictions on the content of shellcode is that it has to be _______,which means that it cannot contain any absolute address referring to itself.

A ________ is a condition where more input is placed into a buffer or data holding area than the capacity allocated and thus overwrites other information.

_______ was one of the earliest operating systems written in a high-level language.

The function of the _______ was to transfer control to a user command line interpreter that gave access to any program available on the system with the privileges of the attacked program.

At the basic machine level,all of the data manipulated by machine instructions executed by the computer processor are stored in either the processor's registers or in ________.

______ defenses aim to harden programs to resist attacks in new programs.

Stackshield,Return Address Defender and ________ are GCC compiler extensions that insert additional function entry and exit code.

The _________ project produces a free,multiplatform 4.4BSD-based UNIX-like operating system.

A _______ overflow occurs when the targeted buffer is located on the stack,usually as a local variable in a function's stack frame.

A _________ can occur as a result of a programming error when a process attempts to store data beyond the limits of a fixed-sized buffer and consequently overwrites adjacent memory locations.

In 1996 ________ published "Smashing the Stack for Fun and Profit" in Phrack magazine,giving a step-by-step introduction to exploiting stack-based buffer overflow vulnerabilities.

________ attacks can occur in a binary buffer copy when the programmer has included code to check the number of bytes being transferred,but due to a coding error,allows just one more byte to be copied than there is space available.

The attacker can specify the return address used to enter code as a location somewhere in the run of NOPs,which is called a NOP ______.

_______ can be placed between stack frames or between different allocations on the heap to provide further protection against stack and heap overflow attacks,but at cost in execution time supporting the large number of page mappings necessary.