An attacker used an undocumented and unknown application exploit to gain access to a file server. Which
of the following BEST describes this type of attack?
A.
Integer overflow
B.
Cross-site scripting
C.
Zero-day
D.
Session hijacking
E.
XML injection
Explanation:
The vulnerability is undocumented and unknown. This is zero day vulnerability.
A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is
then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a
zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted
access to user information. The term “zero day” refers to the unknown nature of the hole to those
outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins
for the developer, who must protect users.
Incorrect Answers:
A: Integer overflow is the result of an attempt by a CPU to arithmetically generate a number larger than
what can fit in the devoted memory storage space. Arithmetic operations always have the potential ofreturning unexpected values, which may cause an error that forces the whole program to shut down. For
this reason, most programmers prefer to perform mathematical operations inside an exception frame,
which returns an exception in the case of integer overflow instead. This is not what is described in this
question.
B: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web
applications. XSS enables attackers to inject client-side script into Web pages viewed by other users.
Cross-site scripting uses known vulnerabilities in web-based applications, their servers, or plug-in systems
on which they rely. Exploiting one of these, attackers fold malicious content into the content being
delivered from the compromised site. When the resulting combined content arrives at the client-side web
browser, it has all been delivered from the trusted source, and thus operates under the permissions
granted to that system. By finding ways of injecting malicious scripts into web pages, an attacker can gain
elevated access-privileges to sensitive page content, session cookies, and a variety of other information
maintained by the browser on behalf of the user. This is not what is described in this question.
D: In computer science, session hijacking, sometimes also known as cookie hijacking is the exploitation of
a valid computer session—sometimes also called a session key—to gain unauthorized access to
information or services in a computer system. In particular, it is used to refer to the theft of a magic
cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as
the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using
an intermediary computer or with access to the saved cookies on the victim’s computer. This is not what
is described in this question.
E: When a web user takes advantage of a weakness with SQL by entering values that they should not, it is
known as a SQL injection attack. Similarly, when the user enters values that query XML (known as XPath)
with values that take advantage of exploits, it is known as an XML injection attack. XPath works in a
similar manner to SQL, except that it does not have the same levels of access control, and taking
advantage of weaknesses within can return entire documents. The best way to prevent XML injection
attacks is to filter the user’s input and sanitize it to make certain that it does not cause XPath to return
more data than it should. This is not what is described in this question.http://www.pctools.com/security-news/zero-day-vulnerability/
http://www.techopedia.com/definition/14427/integer-overflowhttp://en.wikipedia.org/wiki/Cross-site_scripting
http://en.wikipedia.org/wiki/Session_hijacking
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, p. 337