In: Computer Science
Select the item below that best describes a buffer overflow and how is it used against a web server? a. A buffer overflow occurs when more data is sent to an input buffer field than its size. This can be used to overwrite the stack with malicious code and a return pointer to the malicious code. b. A buffer overflow is caused over a network when there is a mismatch in the processing rates between the two entities involved in the communication process. c. A buffer overflow occurs when rows of data are accessed directly in a database table that are larger than the defined row size for the table. d. Most of the time a buffer overflow occurs when a bug is released accidentally in a proprietary operating system.
SOLUTION
What is buffer overflow attack?
A buffer overflow attack occurs when malicious code accidentally or intentionally injects data which is more than the capacity of buffer used to store data.A buffer can be array which stores data in sequential memory location. Extra data exceeds the capacity of the buffer and overwrite some data item stored next to array . The overwrite value may contain a code which can cause a further Denial of Service(DoS) attack in the compromised system.
option a) is closest to buffer overflow problem.
option b) is flow control issue whereby receiver or sender whichever is slow may be overwhelmed by the other with data.
option c) is database table row size error which occurs when the declared table contain size of data field which exceed maximum allowed row size.For example below is one such case in mysql DB.
mysql> CREATE TABLE exam (st VARCHAR(10000), nm VARCHAR(10000), rol VARCHAR(10000), par VARCHAR(10000), e VARCHAR(10000), f VARCHAR(10000), g VARCHAR(6000)) ENGINE=MyISAM CHARACTER SET latin1; ERROR 1118 (42000): Row size too large. The maximum row size for the used table type, not counting BLOBs, is 65535. This includes storage overhead, check the manual. You have to change some columns to TEXT or BLOBs
option d) A reason of bug injection in operating are many.It may be due to poor design of code , not generating proper test case to uncover bug a priori , changed system component among many other.