While opening an email attachment, Pete, a customer, receives an error that the application has encountered an unexpected issue and must be shut down. This
could be an example of which of the following attacks?
A.
Cross-site scripting
B.
Buffer overflow
C.
Header manipulation
D.
Directory traversal
Explanation:
When the user opens an attachment, the attachment is loaded into memory. The error is caused by a memory issue due to a buffer overflow attack.
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers
are created to contain a finite amount of data, the extra information – which has to go somewhere – can overflow into adjacent buffers, corrupting or overwriting the
valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data
integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked
computer that could, for example, damage the user’s files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen
because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.
Incorrect Answers:
A: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into
Web pages viewed by other users.
Cross-site scripting uses known vulnerabilities in web-based applications, their servers, or plug- in systems on which they rely. Exploiting one of these, attackers
fold malicious content into the content being delivered from the compromised site. When the resulting combined content arrives at the client-side web browser, it
has all been delivered from the trusted source, and thus operates under the permissions granted to that system. By finding ways of injecting malicious scripts into
web pages, an attacker can gain elevated access-privileges to sensitive page content, session cookies, and a variety of other information maintained by the
browser on behalf of the user. As XSS is a web based attack, it would require the user to open a web page, not an email attachment. Therefore, this answer is
incorrect.
C: A header manipulation attack uses other methods (hijacking, cross-site forgery, and so forth) to change values in HTTP headers and falsify access. When used
with XSRF, the attacker can even change a user’s cookie. Internet Explorer 8 and above include InPrivate Filtering to help prevent some of this. By default, your
browser sends information to sites as they need it–think of requesting a map from a site; it needs to know your location in order to give directions. With InPrivate
Filtering, you can configure the browser not to share information that can be captured and manipulated. As header manipulation is a web based attack, it would
require the user to open a web page, not an email attachment. Therefore, this answer is incorrect.
D: Directory traversal is a form of HTTP exploit in which a hacker uses the software on a Web server to access data in a directory other than the server’s root
directory. If the attempt is successful, the hacker can view restricted files or even execute commands on the server. Although some educated guesswork is
involved in finding paths to restricted files on a Web server, a skilled hacker can easily carry out this type of attack on an inadequately protected server by
searching through the directory tree. The risk of such attacks can be minimized by careful Web server programming, the installation of software updates and
patches, filtering of input from browsers, and the use of vulnerability scanners. As directory traversal is a form of HTTP exploit, it would require the user to open a
web page, not an email attachment. Therefore, this answer is incorrect.http://searchsecurity.techtarget.com/definition/buffer-overflow http://en.wikipedia.org/wiki/Cross-site_scripting
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 340
http://searchsecurity.techtarget.com/definition/directory-traversal