Software Security Week 1 Quiz Answer
In this article i am gone to share Coursera Courseย Software Security Week 1 Quiz Answer with you..
Software Security Week 1 Quiz Answer
Also visit this link:ย Software Security Week 6 Quiz Answer
Week 1 Quiz Answer
Question 1)
Three of the following are classic security properties; which one is not?
- Availabilityย
- Integrity
- Confidentiality
- Correctness
ย
Question 2)
What was the first buffer overflow attack?
- Love Bug
- Code Red
- SQL Slammer
- Morris Worm
ย
Question 3)
The stack is memory for storing
- Program code
- Local variables
- Dynamically linked libraries
- Global variables
ย
Question 4)
Why is it that the compiler does not know the absolute address of a local variable?
- Compiler writers are not very good at that sort of thing
- Programs are not allowed to reference memory using absolute addresses
- The size of the address depends on the architecture the program will run on
- As a stack-allocated variable, it could have different addresses depending on when its containing function is called
ย
Question 5)
When does a buffer overflow occur, generally speaking?
- when writing to a pointer that has been freed
- when copying a buffer from the stack to the heap
- when a pointer is used to access memory not allocated to itย
- when the program notices a buffer has filled up, and so starts to reject requests
ย
Question 6)
How does a buffer overflow on the stack facilitate running attacker-injected code?
- By writing directly to %eax the address of the code
- By changing the name of the running executable, stored on the stack
- By overwriting the return address to point to the location of that code
- By writing directly to the instruction pointer register the address of the code
ย
Question 7)
What is a nop sled?
- It is an anonymous version of a mop sled
- It is a method of removing zero bytes from shellcode
- It is another name for a branch instruction at the end of sequence of nops
- It is a sequence of nops preceding injected shellcode, useful when the return address is unknown
ย
Question 8)
The following program is vulnerable to a buffer overflow (assuming the absence of automated defenses like ASLR, DEP, etc., which we introduce in the next unit). What is the name of the buffer that can be overflowed?
ย
#include <stdio.h>
#include <string.h>
ย
#define S 100
#define N 1000
ย
int main(int argc, char *argv[]) {
ย char out[S];
ย char buf[N];
ย char msg[] = “Welcome to the argument echoing programn”;
ย int len = 0;
ย buf[0] = ‘๏ฟฝ’;
ย printf(msg);
ย while (argc) {
ย ย sprintf(out, “argument %d is %sn”, argc-1, argv[argc-1]);
ย ย argc–;
ย ย strncat(buf,out,sizeof(buf)-len-1);
ย ย len = strlen(buf);
ย }
ย printf(“%s”,buf);
ย return 0;
}
ย
- out
- len
- buf
- msg
ย
Question 9)
Here is the same program as the previous question. What line of code can overflow the vulnerable buffer?
ย
#include <stdio.h>
#include <string.h>
ย
#define S 100
#define N 1000
ย
int main(int argc, char *argv[]) {
ย char out[S];
ย char buf[N];
ย char msg[] = “Welcome to the argument echoing programn”;
ย int len = 0;
ย buf[0] = ‘๏ฟฝ’;
ย printf(msg);
ย while (argc) {
ย ย sprintf(out, “argument %d is %sn”, argc-1, argv[argc-1]);
ย ย argc–;
ย ย strncat(buf,out,sizeof(buf)-len-1);
ย ย len = strlen(buf);
ย }
ย printf(“%s”,buf);
ย return 0;
}
ย
- sprintf(out, “argument %d is %sn”, argc-1, argv[argc-1]);
- printf(msg)
- len = strlen(buf);
- strncat(buf,out,sizeof(buf)-len-1);
- printf(“%s”,buf);
ย
Question 10)
Recall the vulnerable overflow from the previous two questions. We can change one line of code and make the buffer overrun go away. Which of the following one-line changes, on its own, will eliminate the vulnerability?
ย
#include <stdio.h>
#include <string.h>
ย
#define S 100
#define N 1000
ย
int main(int argc,char *argv[]) {
ย char out[S];
ย char buf[N];
ย char msg[] = “Welcome to the argument echoing programn”;
ย int len = 0;
ย buf[0] = ‘๏ฟฝ’;
ย printf(msg);
ย while (argc) {
ย ย sprintf(out,”argument %d is %sn”,argc-1,argv[argc-1]);
ย ย argc–;
ย ย strncat(buf,out,sizeof(buf)-len-1);
ย ย len = strlen(buf);
ย }
ย printf(“%s”,buf);
ย return 0;
}
ย
- change printf(“%s”,buf) to printf(buf);
- change printf(msg) to printf(“%s”,msg);
- change sprintf(out, “argument %d is %sn”, argc-1, argv[argc-1])
- to snprintf(out, S, “argument %d is %sn”, argc-1, argv[argc-1])
- change char msg[] = “Welcome to the argument echoing programn” to char msg[42] = “Welcome to the argument echoing programn”
ย
Question 11)
Recall the vulnerable program from the previous few questions. Which of the following attacks do you think the program is susceptible to?
ย
#include <stdio.h>
#include <string.h>
ย
#define S 100
#define N 1000
ย
int main(int argc, char *argv[]) {
ย char out[S];
ย char buf[N];
ย char msg[] = “Welcome to the argument echoing programn”;
ย int len = 0;
ย buf[0] = ‘๏ฟฝ’;
ย printf(msg);
ย while (argc) {
ย ย sprintf(out, “argument %d is %sn”, argc-1, argv[argc-1]);
ย ย argc–;
ย ย strncat(buf,out,sizeof(buf)-len-1);
ย ย len = strlen(buf);
ย }
ย printf(“%s”,buf);
ย return 0;
}
ย
- code injection
- data corruption
- reading arbitrary addresses in memory
- all of the above
ย
Question 12)
Recall the program again.
ย
#include <stdio.h>
#include <string.h>
ย
#define S 100
#define N 1000
ย
int main(int argc, char *argv[]) {
ย char out[S];
ย char buf[N];
ย char msg[] = “Welcome to the argument echoing programn”;
ย int len = 0;
ย buf[0] = ‘๏ฟฝ’;
ย printf(msg);
ย while (argc) {
ย ย sprintf(out, “argument %d is %sn”, argc-1, argv[argc-1]);
ย ย argc–;
ย ย strncat(buf,out,sizeof(buf)-len-1);
ย ย len = strlen(buf);
ย }
ย printf(“%s”,buf);
ย return 0;
}
ย
If we changed printf(“%s”,buf) to printf(buf) then the program would be vulnerable to what sort of attack?
- heap overflow
- use-after-free attack
- format string attack
- all of the above
ย
Question 13)
Exploitation of the Heartbleed bug permits
- a kind of code injection
- a format string attack
- a read outside bounds of a buffer
- overwriting cryptographic keys in memory
ย
Question 14)
Why is it that anti-virus scanners would not have found an exploitation of Heartbleed?
- It’s a vacuous question: Heartbleed only reads outside a buffer, soย there is no possible exploit
- Anti-virus scanners tend to look for viruses and other malicious
- code, but Heartbleed exploits steal secrets without injecting any code
- Heartbleed exploits are easily mutated so the files they leaveย behind do not appear unusual
- Heartbleed attacks the anti-virus scanner itself
ย
Question 15)
An integer overflow occurs when
- an integer is used as if it was a pointer
- an integer is used to access a buffer outside of the buffer’s bounds
- there is no more space to hold integers in the programย
- an integer expression’s result “wraps around”; instead of creating a very large number, a very small (or negative) number ends up getting created
ย