Quiz 1 Flashcards
(41 cards)
What are bugs/vulnerabilities?
Malicious functionalities that extend the primary intended design
What are exploits/attacks?
Inputs that leverage vulnerabilities to take control of the system or leak sensitive information
What is software security?
Risk management; it involves identifying vulnerabilities and patching vulnerable code
What are the three tasks involved in security management?
Software auditing, security testing, and patch development
What are the six main memory corruption vulnerabilities?
Buffer overflow
Integer overflow
Format String
Race Condition
Use-after-free
Double free
What are the three types of buffer overflows?
Stack overflow
Heap overflow
Type confusion
What is a buffer overflow?
When data is written outside of the space allocated to the buffer
What is the goal of Arbitrary Code Execution?
To take over a target machine
What are the targets of control flow hijacking?
Function pointer/return addresses
Exception handlers
Corrupting vtable
Longjmp buffers
What is a type confusion?
A type of vulnerability caused by exploiting logical errors that emerge from illegal downcasts
How do truncation errors occur?
An integer is converted to a smaller integer type and the value of the original integer is outside the range of the smaller type
How does an arithmetic overflow occur?
The result of an integer operation does not fit within the allocated memory space
To avoid integer overflows when you need a size or a count, what should you use?
size_t
To avoid integer overflows when you need a specific bit-width, what should you use?
uint8_t for 8-bit, uint16_t for 16-bit, etc.
To avoid integer overflows when you need an integer to hold a pointer, what should you use?
intptr_t
What is a Format String Vulnerability?
When the format of a string is used in such a way as to execute code or crash a program
How are format string attacks performed?
The attacker walks up the stack until they find the desired pointer and then writes to arbitrary memory
What is a dangling pointer?
A pointer variable through which the freed memory is accessed
What are Use-After-Free vulnerabilities?
When data on the heap is freed, but a leftover reference/dangling pointer is used by the code as if the data were still valid
What are some causes of use after free errors?
Wrongly handled error conditions
Unaccounted for program states
Confusion over which part of the program is responsible for freeing memory
Why are Use-After-Free attacks so well liked?
Doesn’t require one to corrupt memory
Can be used for info leaks
Can be used to trigger memory corruption or get control of EIP
What does each chunk in the malloc() doubly linked list hold?
A free bit
A link to the next and previous chunk tags
What is a Double Free?
Freeing the same chunk of memory twice, without it being reallocated in between
What is the attacker's goal in shellcode?
To execute arbitrary code