CYB2200 - L5
BUFFER OVERFLOW
| Question | Answer |
|---|---|
| memory corruption | can be described as the vulnerability that may occur in a computer system when the contents of a memory location are altered due to explicit assignment |
| what are the most common type of memory corruption | buffer overflows |
| buffer overflow | is a software bug in which data copied to a location in memory exceeds the size of the reserved destination area. When an overflow is triggered, the excess data overwrites the adjacent memory locations |
| what is the main reason for buffer overflow | programmers forget to check the size of the data copy |
| a compiled program's memory is divided into five segments | text segment (code segment), data segment, bss segment (block started by symbol), heap segment, stack segment |
| text segment (code segment) | machine language instructions of the program |
| data segment | initialized global and static variables |
| bss segment (block started by symbol) | uninitialized global and static variables |
| heap segment | dynamic variables |
| stack segment | local function variables |
| heap memory allocations | dynamic memory allocations at run time |
| how does the heap grow | grows down towards higher memory |
| what is the speed of the heap | slow |
| how is the heap allocated | manually: done by the programmer using malloc, calloc, free or new and delete |
| stack memory allocations | fixed memory allocations known at compile time |
| how does the stack grow | grows up towards lower memory |
| what does the heap consist of | objects, big buffers, structs, larger things |
| what does the stack consist of | local variables, return addresses, function arguments |
| what is the speed of the stack | fast |
| how is the stack allocated | automatically done by the compiler, abstracts away any concept of allocating and deallocating |
| heap | is a pool of memory used for dynamic allocations at runtime |
| malloc() | grabs memory on the heap |
| free() | releases memory on the heap |
| for cpp new() | grabs memory on the heap |
| for cpp delete() | releases memory on the heap |
| stack overflows | buffer overflows in which the target buffer is located on the runtime stack |
| heap overflows | overflows that happen in the heap |
| global data overflows | the target memory is not on stack and heap |
| static data overflows | the target memory is not on stack and heap |
| a stack is | a last in first out (LIFO), or first in last out (FILO), data structure |
| how do you manipulate the stack | push, pop |
| what are the runtime stack's alternative names | program stack, call stack |
| runtime stack | records the chain of calls from function to function, so that they can be followed back when functions return |
| what does the stack grow towards | lower memory addresses |
| what happens when a function is called | a stack frame will be created and pushed on the stack. |
| what happens when a function returns | the stack frame on top of the stack will be popped (removed) from the stack |
| EBP acronym | extended base pointer |
| EBP | sometimes called frame pointer |
| what is EBP used for | used to reference local function variables in the current stack frame |
| EBP | special register |
| what are a stack frame's important regions | arguments, return address, previous frame pointer, local variables |
| what can a stack overflow overwrite | local variables, saved ebp (previous frame pointer), return addresses, function arguments, previous stack frames |
| what is a buffer overflow attack that overwrites a return address | execution can be redirected to an area of memory containing data the attacker controls |
| what does the attacker fill the targeted return location with in a buffer overflow attack where they overwrote a return address | with some code to do something (e.g., connecting back to the attacker, running a shell) |
| In hacking, a shellcode is | a small piece of code used as the payload in the exploitation of a software vulnerability. |
| why is it called shellcode | It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine, but any piece of code that performs a similar task can be called shellcode |
| what are some overflow counter measures | staying within bounds, avoid using unsafe C lib functions |
| how do you stay within bounds | check lengths before writing; confirm that array subscripts are within limits; double-check boundary condition code for off-by-one errors; limit input to the number of acceptable characters; limit programs' privileges to reduce potential harm |
| what are the unsafe C lib functions | strcpy(char *dest, const char *src); strcat(char *dest, const char *src); gets(char *s); scanf(const char *format, ...); printf(const char *format, ...) |
| what are ways to prevent buffer overflow attacks | code analyzers (such as static code analyzers) can analyze source code to identify many overflow vulnerabilities; black box testing; runtime checking; mark stack as non-executable; stack canary (stack cookie); address space layout randomization (ASLR) |
| Address space layout randomization (ASLR) | arranging the positions of key data areas randomly in a process' address space |
| how does Address space layout randomization (ASLR) work | essentially, data and code sections are mapped at a (somewhat) random memory location when they are loaded |
| what is a problem with ASLR | attackers can repetitively guess the randomized address (brute force) |