Deck 10: Buffer Overflow

A buffer overflow error is not likely to lead to eventual programtermination.

There are several generic restrictions on the content of shellcode.

At the basic machine level, all of the data manipulated by machineinstructions executed by the computer processor are stored in either the processor's registers or in memory.

Shellcode must be able to run no matter where in memory it islocated.

Buffer overflows can be found in a wide variety of programs,processing a range of different input, and with a variety of possibleresponses.

Buffer overflow attacks are one of the most common attacks seen.

The potential for a buffer overflow exists anywhere that data is copiedor merged into a buffer, where at least some of the data are read fromoutside the program.

An attacker can generally determine in advance exactly where thetargeted buffer will be located in the stack frame of the function inwhich it is defined.

Even though it is a high-level programming language, Java still suffersfrom buffer overflows because it permits more data to be saved into a buffer than it has space for.

Buffer overflow exploits are no longer a major source of concern tosecurity practitioners.

A stack overflow can result in some form of a denial-of-service attackon a system.

Shellcode is not specific to a particular processor architecture.

An attacker is more interested in transferring control to a location andcode of the attacker's choosing rather than immediately crashing theprogram.

Stack buffer overflow attacks were first seen in the Aleph One Worm.

A ___________ overflow occurs when the targeted buffer is located on the stack, usually as a local variable in a function's stack frame.

Data is simply an array of _________ .

A __________ can occur as a result of a programming error when a process attempts to store data beyond the limits of a fixed-size buffer and consequently overwrites adjacent memory locations.

__________ defenses aim to harden programs to resist attacks in new programs.

"Smashing the Stack for Fun and Profit" was a step by step introduction to exploiting stack-based buffer overflow vulnerabilities that was published in Phrack magazine by _________ .

__________ is one of the best known protection mechanisms that is a GCC compiler extension that inserts additional function entry and exit code.

__________ defenses aim to detect and abort attacks in existing programs.

An essential component of many buffer overflow attacks is the transfer of execution to code supplied by the attacker and often saved in the buffer being overflowed. This code is known as _________ .

The __________ project produces a free, multiplatform 4.4BSD-based UNIX-like operating system.

Shellcode has to be __________, which means it cannot contain any absolute address referring to itself.

_________ attacks can occur in a binary buffer copy when the programmer has included code to check the number of bytes being transferred, but due to a coding error, allows just one more byte to be copied than there is space available.

A _________ value is named after the miner's bird used to detect poisonous air in a mine and warn miners in time for them to escape.

In the classic __________ overflow, the attacker overwrites a buffer located in the local variable area of a stack frame and then overwrites the saved frame pointer and return address.

The _________ is typically located above the program code and global data and grows up in memory (while the sack grows down toward it).

Gaps, or __________ , are flagged in the MMU as illegal addresses, and any attempt to access them results in the process being aborted.