Which of the following application attacks is used to gain access to SEH?
A.
Cookie stealing
B.
Buffer overflow
C.
Directory traversal
D.
XML injection
Explanation:
Buffer overflow protection is used to detect the most common buffer overflows by checking that the stack has not been altered when a function returns. If it has
been altered, the program exits with a segmentation fault. Microsoft’s implementation of Data Execution Prevention (DEP) mode explicitly protects the pointer to the
Structured Exception Handler (SEH) from being overwritten.
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers
are created to contain a finite amount of data, the extra information – which has to go somewhere – can overflow into adjacent buffers, corrupting or overwriting the
valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data
integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked
computer that could, for example, damage the user’s files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen
because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.
Incorrect Answers:
A: In computer science, session hijacking, sometimes also known as cookie hijacking or cookie stealing is the exploitation of a valid computer session–sometimes
also called a session key–to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie
used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites
can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim’s computer. This type of attack is not used to
gain access to the Structured Exception Handler (SEH). Therefore, this answer is incorrect.
C: Directory traversal is a form of HTTP exploit in which a hacker uses the software on a Web server to access data in a directory other than the server’s root
directory. If the attempt is successful, the hacker can view restricted files or even execute commands on the server. Although some educated guesswork is
involved in finding paths to restricted files on a Web server, a skilled hacker can easily carry out this type of attack on an inadequately protected server by
searching through the directory tree. The risk of such attacks can be minimized by careful Web server programming, the installation of software updates and
patches, filtering of input from browsers, and the use of vulnerability scanners. This type of attack is not used to gain access to the Structured Exception Handler
(SEH). Therefore, this answer is incorrect.
D: When a web user takes advantage of a weakness with SQL by entering values that they should not, it is known as a SQL injection attack. Similarly, when the
user enters values that query XML (known as XPath) with values that take advantage of exploits, it is known as an XML injection attack. XPath works in a similar
manner to SQL, except that it does not have the same levels of access control, and taking advantage of weaknesses within can return entire documents. The best
way to prevent XML injection attacks is to filter the user’s input and sanitize it to make certain that it does not cause XPath to return more data than it should. This
type of attack is not used to gain access to the Structured Exception Handler (SEH). Therefore, this answer is incorrect.http://searchsecurity.techtarget.com/definition/buffer-overflow http://en.wikipedia.org/wiki/Session_hijacking
http://searchsecurity.techtarget.com/definition/directory-traversal Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex,
Indianapolis, 2014, p 337