Homework Help is Here – Start Your Trial Now!
Engineering
Cybersecurity
a. A buffer overflow attack can be enabled by: (1) incrementing an integer counter too many times (2) using gets() to read a line of input into a stack-based buffer (3) using a poor random number generator (4) assigning a negative short value to a long variable b. What is a gadget? (1) a defense against code-injection attacks (2) a system call that does something useful (3) a short sequence of existing machine code that ends with ret (4) a lousy random number generator c. Which of these is not a countermeasure against buffer overflows? Using a garbage-collected language like Java Making the stack non-executable (1) (2) (3) Always limiting the length of input from an untrusted source (4) Address space layout randomization

a. A buffer overflow attack can be enabled by: (1) incrementing an integer counter too many times (2) using gets() to read a line of input into a stack-based buffer (3) using a poor random number generator (4) assigning a negative short value to a long variable b. What is a gadget? (1) a defense against code-injection attacks (2) a system call that does something useful (3) a short sequence of existing machine code that ends with ret (4) a lousy random number generator c. Which of these is not a countermeasure against buffer overflows? Using a garbage-collected language like Java Making the stack non-executable (1) (2) (3) Always limiting the length of input from an untrusted source (4) Address space layout randomization

icon
Related questions
Question

this question has 4 parts

a. A buffer overflow attack can be enabled by: (1) incrementing an integer counter too many times (2) using gets () to read a line of input into a stack-based buffer (3) using a poor random number generator (4) assigning a negative short value to a long variable b. What is a gadget? (1) a defense against code-injection attacks (2) a system call that does something useful (3) a short sequence of existing machine code that ends with ret (4) a lousy random number generator c. Which of these is not a countermeasure against buffer overflows? (1) Using a garbage-collected language like Java (2) (3) Making the stack non-executable Always limiting the length of input from an untrusted source (4) Address space layout randomization
Transcribed Image Text:a. A buffer overflow attack can be enabled by: (1) incrementing an integer counter too many times (2) using gets () to read a line of input into a stack-based buffer (3) using a poor random number generator (4) assigning a negative short value to a long variable b. What is a gadget? (1) a defense against code-injection attacks (2) a system call that does something useful (3) a short sequence of existing machine code that ends with ret (4) a lousy random number generator c. Which of these is not a countermeasure against buffer overflows? (1) Using a garbage-collected language like Java (2) (3) Making the stack non-executable Always limiting the length of input from an untrusted source (4) Address space layout randomization
d. Successful exploit code for a ROP attack (as in the attack on "rtarget" in Project 3) would consist entirely of: (1) padding and gadgets (2) padding and machine instructions (3) ASCII-encoded names of functions to invoke (4) padding, 8-byte values to be popped off the stack, and addresses of gadgets
Transcribed Image Text:d. Successful exploit code for a ROP attack (as in the attack on "rtarget" in Project 3) would consist entirely of: (1) padding and gadgets (2) padding and machine instructions (3) ASCII-encoded names of functions to invoke (4) padding, 8-byte values to be popped off the stack, and addresses of gadgets
Expert Solution
steps

Step by step

Solved in 4 steps

SEE SOLUTIONCheck out a sample Q&A here
Blurred answer