Unit 2 Homework
Textbook Problems
- Chapter 10: 10.3, 10.4, 10.5 (use shellcode from in-out demonstration), 10.8, 10.10 – 10.14
- Chapter 6: 6.1, 6.2, 6.4 – 6.14
- Chapter 8: 8.1, 8.8
Additional Problems
-
This is an example of a different type of buffer overflow
vulnerability. How can one get the program to grant “root
privileges” without knowing the correct password? Is the attack
blocked by any of the three buffer overflow defenses that we
discussed in class? (code example from www.thegeekstuff.com)
#include <stdio.h> #include <string.h> int main(void) { int pass = 0; char buff[15]; printf("Enter the password: "); gets(buff); if( strcmp(buff, "thegeekstuff") ) { printf ("\nWrong Password\n"); } else { printf ("\nCorrect Password\n"); pass = 1; } if(pass) { /* Now Give root or admin rights to user*/ printf ("\nRoot privileges given to the user\n"); } return 0; }
-
Suppose an antivirus product has a 95% detection rate for the
Brookly.99 virus; that is, given a file infected with the virus
the software will detect the virus with probability .95. In
addition, suppose the software has a 2% false positive rate, so
that if a file is not infected, there is still a .02
probability that the software will indicate that it is infected.
It is known Brooklyn.99 has infected 0.1% of all executable files.
If the antivirus software indicates that a file is infected, what
is the probability that it is actually infected?
You will need to use Bayes' Theorem:
P(B|A) P(A|B) = --------------------------- P(B|A) P(A) + P(B|A') P(A')
where A and B are events, and A' is the complement of A.