Chapter 10 Computer Security Principles and Practice (Stallings/Brown)
Buffer overflow - Answer- A condition at an interface under which more info can be placed into a buffer or data holding area than the capacity allocated, overriding other information
Example of a buffer overflow - Answer- ...
Chapter 10 Computer Security
Principles and Practice
(Stallings/Brown)
Buffer overflow - Answer- A condition at an interface under which more info can be
placed into a buffer or data holding area than the capacity allocated, overriding other
information
Example of a buffer overflow - Answer- Stack buffer overflows inserting extra
instructions into a command to force an overflow
that inserts calls to malware
When are stacks used? - Answer- 1. in function/procedure calls.
2. for allocation of memory for local variables.
3. for allocation of memory for parameters.
4. control information (return address)
ShellCode - Answer- 1. Creates a shell. It is short. The shellcode must be in machine
code so that can be inserted directly into memory.
2. It must have a return address that is the legitimate return address
When control is transferred to the shellcode whose privileges are used? - Answer- 1.
Recall it is running on
behalf of the user.
2. The privileges that are used are:
the host program's (this is the program that is exploited by the shellcode) system
service or OS root privileges
3. If the program is a system service the shellcode (and therefore the attacker) will
have access to much of the system.
4. Root privileges is like having keys to the kingdom
Return to libc - Answer- 1. The return address is overwritten to point to a function in
a library.
2. The function can then be executed with parameters of the attacker's choice.
3. For example the attacker can launch a command shell.
Stack buffer overflow/Stack smashing - Answer- Occurs when the targeted buffer is
located on the stack, usually is a local variable any functions stack frame
Stack frame - Answer- A structure on the stack that stores the return address during
a function call, here It also stores locations and saves parameters to be passed to
the function. Possibly register values too.
Shell code - Answer- Code supplied by an attacker and often saved in the buffer
being overflowed, so the attacker can transfer execution of the program to the Shell
code
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Gurustudy. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for £7.16. You're not tied to anything after your purchase.
