Q. How does the use of a pseudorandom number as a cookie prevent an attacker from fooling the cookie verification code?

View solution

Q. What is stack checking?

View solution

Q. How does stack checking work?

View solution

Q. Why must the cookie be a random number in stack checking?

View solution

Q. Can stack checking completely eliminate the problem of buffer overflow bugs?

View solution

Q. How can an attacker defeat stack checking?

View solution

Q. What is nonexecutable memory?

View solution

Q. Which processors provide support for nonexecutable memory?

View solution

Q. Which operating systems support nonexecutable memory?

View solution

Q. Does nonexecutable memory completely eliminate the problem of buffer overflow attacks?

View solution

Q. What is the most popular strategy for attackers to overcome the hurdles imposed by nonexecutable memory systems?

View solution

Q. Which option is used for returning values to the caller in functions?

View solution

Q. Which type of vulnerability is required for an attacker to exploit the buffer overflow bug?

View solution

Q. What is the purpose of stack-checking mechanisms embedded into programs?

View solution

Q. What is a heap overflow?

View solution

Q. How does a heap overflow attack work?

View solution

Q. How are heaps arranged?

View solution

Q. What causes the program to crash in a heap overflow attack?

View solution

Q. How can attackers take advantage of the heap's linked-list structure?

View solution

Q. Why are heap overflows less common than stack overflows?

View solution