Q. Why are string-manipulation routines historically a reason for vulnerabilities?

View solution

Q. What is the aim of using automatic, compiler-generated stack checking?

View solution

Q. How does automatic, compiler-generated stack checking work?

View solution

Q. What is the purpose of the cookie used in stack checking?

View solution

Q. Why does the cookie used in stack checking need to be a random number?

View solution

Q. How does the use of a pseudorandom number as a cookie prevent an attacker from fooling the cookie verification code?

View solution

Q. What is stack checking?

View solution

Q. How does stack checking work?

View solution

Q. Why must the cookie be a random number in stack checking?

View solution

Q. Can stack checking completely eliminate the problem of buffer overflow bugs?

View solution

Q. How can an attacker defeat stack checking?

View solution

Q. What is nonexecutable memory?

View solution

Q. Which processors provide support for nonexecutable memory?

View solution

Q. Which operating systems support nonexecutable memory?

View solution

Q. Does nonexecutable memory completely eliminate the problem of buffer overflow attacks?

View solution

Q. What is the most popular strategy for attackers to overcome the hurdles imposed by nonexecutable memory systems?

View solution

Q. Which option is used for returning values to the caller in functions?

View solution

Q. Which type of vulnerability is required for an attacker to exploit the buffer overflow bug?

View solution

Q. What is the purpose of stack-checking mechanisms embedded into programs?

View solution

Q. What is a heap overflow?

View solution