Question

A successful format string attack attempted to steal user account information by reading from unauthorized memory....

  1. A successful format string attack attempted to steal user account information by reading from unauthorized memory. Answer the followings with proper explanation: [2 + 2 = 4 points]
    1. This attack will lead to violation of which security policies? Explain your answer.

  1. This will defeat which security mechanisms? Explain your answer.

0 0
Add a comment Improve this question Transcribed image text
Answer #1

Question 1:: This attack will lead to violation of which security policies? Explain your answer.


Answer 1:: This attack will lead to violation of the following security policies:
1)Confidentiality : Unauthorized memory access will lead to exposure of some private information which is harmful for a software which requires it to be confidential.
2)Integrity : Format string problems allow for information disclosure which can severely simplify exploitation of the program. Some values can be changed by the attacker and so problems will result when the code is executed.
3)Availability: Some data in the code can be removed by the attacker and so when that data is required while execution, will not be available.


Question 2:: This will defeat which security mechanisms? Explain your answer.

Answer 2:: The format string attack begins when an intruder takes aim at the format functions such as printf, sprintf etc which are some ANSII conversion tools for inputting data. When an attacker can modify an externally-controlled format string, this can lead to
1) Overflow of buffers : As the attacker has access to memory, he/she can manipulate memory functions and read data from/to stack which will create overflow.
2) Denial of service(DoS) : Someone who gains control of a system using a format string attack can read or alter data, change security controls, crash applications and thus launch DoS attack.
3) Data representation problems : Once an attacker finds a successful intrusion point, he or she can read data from the stack, read character strings from the process memory, or write an integer to locations in the process memory. This allows the attacker to override critical program flags and controls and mess with the representation format of the data.

Add a comment
Know the answer?
Add Answer to:
A successful format string attack attempted to steal user account information by reading from unauthorized memory....
Your Answer:

Post as a guest

Your Name:

What's your source?

Earn Coins

Coins can be redeemed for fabulous gifts.

Not the answer you're looking for? Ask your own homework help question. Our experts will answer your question WITHIN MINUTES for Free.
Similar Homework Help Questions
ADVERTISEMENT
Free Homework Help App
Download From Google Play
Scan Your Homework
to Get Instant Free Answers
Need Online Homework Help?
Ask a Question
Get Answers For Free
Most questions answered within 3 hours.
ADVERTISEMENT
ADVERTISEMENT