Chapter 27 Β· Quiz

Buffer Overflows Quiz

Test your knowledge. Select answers, then grade all at once.

Question 1: What is a buffer overflow?

Correct answer: B. A buffer overflow occurs when a program writes more data into a buffer than the buffer was designed to hold. The first bytes fill the buffer as intended. The excess bytes have nowhere to go in the allocated space β€” they overflow and land in adjacent memory, overwriting whatever is stored there. A: a network packet flood is a denial-of-service attack, not a buffer overflow. C: reading from an empty buffer is a different kind of programming error. D: buffer overflows are about memory writes, not encryption.

Question 2: Which developer technique directly prevents buffer overflows from occurring?

Correct answer: C. Bounds checking is the developer technique that prevents buffer overflows. Before writing data into a buffer, the program checks whether the incoming data fits. If the data is larger than the buffer β€” the write is rejected. If bounds checking is applied correctly everywhere data is written into memory, buffer overflows cannot occur. A: encryption does not prevent writing past buffer boundaries. B: allocating a larger buffer reduces the chance but does not eliminate it β€” an attacker can always send more data than any fixed buffer, and the fundamental problem (no bounds check) remains. D: authentication prevents unauthorized users from reaching input fields but does not prevent an authenticated attacker from sending oversized input.

Question 3: Why are buffer overflows considered difficult to exploit?

Correct answer: D. When an attacker overflows a buffer, the excess data writes into adjacent memory β€” but adjacent memory may hold values the program needs to run correctly. If those values are corrupted, the application crashes. A crashed application is useless to the attacker. Finding the specific overflow that changes adjacent memory in a controlled, predictable way β€” without crashing β€” takes considerable time and effort. The gap between "I found an overflow" and "I have a working exploit" is often enormous. A, B, C: buffer overflows are not restricted to local networks, do not require admin credentials, and are not limited to legacy operating systems.

Question 4: What is the key requirement that separates a truly dangerous buffer overflow exploit from a merely interesting one?

Correct answer: A. Repeatability is the key requirement. A repeatable buffer overflow produces exactly the same outcome β€” every single time the specific input is sent. Not sometimes, not most of the time β€” every time. When an attacker achieves repeatability, the overflow can be turned into a reliable tool, automated, and deployed against every machine running the vulnerable software. A buffer overflow that works 40% of the time is not particularly dangerous. A buffer overflow that works 100% of the time is a serious threat. B, C, D: these are not requirements for a dangerous overflow β€” repeatability is.

Question 5: In the variable A/B demonstration, variable B initially holds the value 1,979. After the word "excessive" is entered into variable A, what value does variable B hold?

Correct answer: C. "Excessive" has 9 characters: E-X-C-E-S-S-I-V-E. Variable A holds 8 bytes. The first 8 characters fill variable A. The 9th character β€” E β€” overflows into variable B. The letter E has a hexadecimal value of 65. That single byte landing in variable B changes its value to 25,856. Since 25,856 is above the administrator threshold of 24,000, the attacker receives administrator rights with no credentials whatsoever. A: variable B is changed by the overflow β€” 1,979 is the starting value, not the final value. B: 65 is the hex value of E, not the resulting value of variable B. D: 24,000 is the threshold for admin rights, not the value written by the overflow.

Matching: Buffer Overflow Terms

Match each term to its correct definition.

TERM

Buffer
Buffer Overflow
Bounds Checking
Privilege Escalation

DEFINITION

A fixed area of memory reserved by a program to hold data temporarily while it is being processed
Writing more data into a buffer than it was allocated to hold, causing excess data to spill into adjacent memory
The developer technique of verifying that incoming data fits the allocated buffer before writing
Gaining a higher level of system access than originally permitted β€” the outcome achieved in the variable A/B demonstration