Q. In Buffer overflow, EIP can be controlled to execute malicious code at all levels except
Reason: The EIP(Extended Instruction Pointer) can be controlled to execute malicious code at the user level if the infected code lies with the user files. Similarly it can happen at root or system level when the functionalities /programs requiring root access are vulnerable . For example passwd is a program requiring root access but when a user executes it, it runs as root process. If this program itself is vulnerable, it can do malicious things gaining root access/ownerships
Q. The EBP register is the base of the current stack frame of a process in higher address
Reason: The stack grows backwards. Two registers ESP(extended stack pointer) and EBP (Extended base pointer) works with stack . ESP points to the lower addresses (top of stack) while EBP points to higher addresses(current frame of the stack)
Q. Which one of the following isn’t a part of the stack operation?
Reason: When a function is called, the called functions' s first job is to save the calling program 's EBP onto the stack(return address). Next job is to decrement ESP to make room for local variables of the called function so that the function can execute. Last job is to clean up the stack by incementing ESP to EBP effectively don eby the leave statement. Next EIP is popped out of the stack to return to calling program
In Buffer overflow, EIP can be controlled to execute malicious code at all levesl except Root...
TRUE/FALSE QUESTIONS: Foundations of Information Security and Assurance 1. There is a problem anticipating and testing for all potential types of non-standard inputs that might be exploited by an attacker to subvert a program. 2. Without suitable synchronization of accesses it is possible that values may be corrupted, or changes lost, due to over-lapping access, use, and replacement of shared values. 3. The biggest change of the nature in Windows XP SP2 was to change all anonymous remote procedure call (RPC)...