buffer overflow causes quiz. ©2002, jedidiah r. crandall, susan l. gerhart, jan g. hogle. quiz:...
TRANSCRIPT
Buffer Overflow Causes Quiz. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. http://sfsecurity.pr.erau.edu
Quiz: Buffer Overflow Causes
Author: Jedidiah R. Crandall, [email protected]
This Document was Funded by the National Science Foundation Federal Cyber Service Scholarship For Service Program:
Grant No. 0113627
Distributed July 2002
Embry-Riddle Aeronautical University • Prescott, Arizona • USA
3 Questions, Answers follow the “About” page.
Buffer Overflow Causes Quiz. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. http://sfsecurity.pr.erau.edu
1. Which of these are a security problem?
A. Stack smashing
B. Heap-based attacks
C. Data corruption
D. Program crashes
E. Core dumps
Buffer Overflow Causes Quiz. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. http://sfsecurity.pr.erau.edu
2. Which of these statements is true?
A. It’s always the size of the input and not the input itself that causes a buffer overflow
B. Many buffer overflows are caused by blatantly careless programmer errors
C. Even very careful and very skilled programmers can produce software with buffer overflows
D. All of the subroutines included in the Standard C Library will do bounds checking for you
Buffer Overflow Causes Quiz. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. http://sfsecurity.pr.erau.edu
3. Which of these statements is true about a 50 byte buffer in C?
A. It will hold 50 ASCII characters (other than the NULL at the end)
B. It will hold 100 UNICODE charactersC. The last ASCII character (other than NULL) is indexed
with the number 98D. The last ASCII character (other than NULL) is indexed
with the number 99E. The last ASCII character (other than NULL) is indexed
with the number 100
Buffer Overflow Causes Quiz. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. http://sfsecurity.pr.erau.edu
About this Project
1. This presentation is part of a larger package of materials on buffer overflow vulnerabilities, defenses, and software practices. For more information, go to: http://nsfsecurity.pr.erau.edu
2. Also available are:– Demonstrations of how buffer overflows occur (Java applets)– PowerPoint lecture-style presentations on an introduction to buffer overflows,
preventing buffer overflows (for C programmers), and a case study of Code Red– Checklists and Points to Remember for C Programmers– An interactive module and quiz set with alternative paths for journalists/analysts
and IT managers as well as programmers and testers– A scavenger hunt on implications of the buffer overflow vulnerability
3. Please complete a feedback form at http://nsfsecurity.pr.erau.edu/feedback.html to tell us how you used this material and to offer suggestions for improvements.
Buffer Overflow Causes Quiz. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. http://sfsecurity.pr.erau.edu
Answers
1. A,B,C,D,E2. B,C3. C