Question

A buffer overflow always results in vulnerable code being executed with root level privileges. True / False

Answer #1

To answer this question, let's first understand what a buffer overflow is.

A buffer is a region of memory with a certain boundary, e.g. an array declaration of 50 integers, or a character array declaration that can hold 10 characters. So a buffer has an associated boundary with a minimum and maximum value.

If the code is vulnerable and is not properly written (overflow conditions are not handled properly), then an attacker can actually exploit the buffer usage by writing data past the left or right boundaries. Let's say a character string for a password is initialized as follows:

char password[10];

Now an attacker can try to insert the following instruction:

password[10] = 'a';

Now if array bounds are not properly handled, then this may cause the system to crash.

Let's consider another situation with the following code:

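#include <stdio.h>
#include <string.h>

int main(void)
{
    char buff[10];
    int flag = 0;

    /* gets() does no bounds checking (it was removed from the C standard
       in C11); it is kept here because it is the flaw being discussed. */
    gets(buff);

    if (strcmp(buff, "password")) {
        printf("Wrong password\n");
    } else {
        flag = 1;
        printf("Password correct\n");
    }

    if (flag) {
        printf("Root access granted\n");  /* GRANT root access */
    }
    return 0;
}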

The gets() function does not check array bounds. So let's say the attacker has given the password as "qwertyuiopasd". As the password is more than the size of buff and it is not handled, the compiler will ignore it.

Though "Wrong password" will be shown, because of the buffer overflow it can overwrite the value of flag, making it non-zero, and can get root level access.

So it's not the case that the attacker can get root level access every time. It totally depends upon how intelligent the attacker is and how vulnerable the code is. Sometimes a buffer overflow leads to a system crash or makes the system highly unstable. So the answer is FALSE.
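
The bounded read that closes the overflow described in the answer above, as an added example that is not part of the original answer: `fgets` replaces `gets`, and an over-long line is rejected instead of being truncated. The helper names `read_line`, `authenticate` and `try_input` and the sample inputs are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 10  /* same capacity as buff in the answer */

/* Read one line into buf (capacity n) without writing past buf[n-1].
   Returns 1 if the whole line fitted, 0 on end of input or an over-long line. */
static int read_line(FILE *in, char *buf, size_t n)
{
    if (fgets(buf, (int)n, in) == NULL)
        return 0;
    size_t len = strcspn(buf, "\n");
    if (buf[len] == '\n') {   /* the whole line fitted */
        buf[len] = '\0';
        return 1;
    }
    /* No newline stored: the input ended here, or the line was cut short.
       Consume the rest so it is not read as the next input. */
    int c, extra = 0;
    while ((c = fgetc(in)) != EOF && c != '\n')
        extra++;
    return extra == 0;
}

/* Returns 1 only for an exact match; every other path returns 0. */
int authenticate(FILE *in)
{
    char buff[BUF_SIZE];
    if (!read_line(in, buff, sizeof buff))
        return 0;
    return strcmp(buff, "password") == 0;
}

/* Feed a constructed input string to authenticate() through a temp file. */
int try_input(const char *text)
{
    FILE *f = tmpfile();
    if (f == NULL) return -1;
    fputs(text, f);
    rewind(f);
    int ok = authenticate(f);
    fclose(f);
    return ok;
}

int main(void)
{
    printf("%d %d\n", try_input("password\n"), try_input("qwertyuiopasd\n"));
    return 0;
}
```

The result is returned directly from the comparison, so there is no separate `flag` variable next to the buffer whose value decides access.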
