Buffer Overflow Causes Quiz. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. http://sfsecurity.pr.erau.edu

Quiz: Buffer Overflow Causes

Author: Jedidiah R. Crandall, [email protected]

This Document was Funded by the National Science Foundation Federal Cyber Service Scholarship For Service Program: Grant No. 0113627

Distributed July 2002

Embry-Riddle Aeronautical University • Prescott, Arizona • USA

3 Questions, Answers follow the “About” page.



1. Which of these are a security problem?

A. Stack smashing

B. Heap-based attacks

C. Data corruption

D. Program crashes

E. Core dumps


2. Which of these statements is true?

A. It’s always the size of the input and not the input itself that causes a buffer overflow

B. Many buffer overflows are caused by blatantly careless programmer errors

C. Even very careful and very skilled programmers can produce software with buffer overflows

D. All of the subroutines included in the Standard C Library will do bounds checking for you


3. Which of these statements is true about a 50 byte buffer in C?

A. It will hold 50 ASCII characters (other than the NULL at the end)

B. It will hold 100 UNICODE characters

C. The last ASCII character (other than NULL) is indexed with the number 98

D. The last ASCII character (other than NULL) is indexed with the number 99

E. The last ASCII character (other than NULL) is indexed with the number 100


About this Project

1. This presentation is part of a larger package of materials on buffer overflow vulnerabilities, defenses, and software practices. For more information, go to: http://nsfsecurity.pr.erau.edu

2. Also available are:

– Demonstrations of how buffer overflows occur (Java applets)

– PowerPoint lecture-style presentations on an introduction to buffer overflows, preventing buffer overflows (for C programmers), and a case study of Code Red

– Checklists and Points to Remember for C Programmers

– An interactive module and quiz set with alternative paths for journalists/analysts and IT managers as well as programmers and testers

– A scavenger hunt on implications of the buffer overflow vulnerability

3. Please complete a feedback form at http://nsfsecurity.pr.erau.edu/feedback.html to tell us how you used this material and to offer suggestions for improvements.


Answers

1. A,B,C,D,E

2. B,C

3. C