Which of the following application attacks is used to gain access to SEH?
A.
Cookie stealing
B.
Buffer overflow
C.
Directory traversal
D.
XML injection
Explanation:
Buffer overflow protection is used to detect the most common buffer overflows by checking that the
stack has not been altered when a function returns. If it has been altered, the program exits with a
segmentation fault. Microsoft’s implementation of Data Execution Prevention (DEP) mode explicitly
protects the pointer to the Structured Exception Handler (SEH) from being overwritten.
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data
storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data,
the extra information – which has to go somewhere – can overflow into adjacent buffers, corrupting oroverwriting the valid data held in them. Although it may occur accidentally through programming error,
buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow
attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new
instructions to the attacked computer that could, for example, damage the user’s files, change data, or
disclose confidential information. Buffer overflow attacks are said to have arisen because the C
programming language supplied the framework, and poor programming practices supplied the
vulnerability.
Incorrect Answers:
A: In computer science, session hijacking, sometimes also known as cookie hijacking or cookie stealing is
the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized
access to information or services in a computer system. In particular, it is used to refer to the theft of a
magic cookie used to authenticate a user to a remote server. It has particular relevance to web
developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an
attacker using an intermediary computer or with access to the saved cookies on the victim’s computer.
This type of attack is not used to gain access to the Structured Exception Handler (SEH).
C: Directory traversal is a form of HTTP exploit in which a hacker uses the software on a Web server to
access data in a directory other than the server’s root directory. If the attempt is successful, the hacker
can view restricted files or even execute commands on the server.
Although some educated guesswork is involved in finding paths to restricted files on a Web server, a
skilled hacker can easily carry out this type of attack on an inadequately protected server by searching
through the directory tree. The risk of such attacks can be minimized by careful Web server
programming, the installation of software updates and patches, filtering of input from browsers, and the
use of vulnerability scanners. This type of attack is not used to gain access to the Structured Exception
Handler (SEH).
D: When a web user takes advantage of a weakness with SQL by entering values that they should not, it is
known as a SQL injection attack. Similarly, when the user enters values that query XML (known as XPath)
with values that take advantage of exploits, it is known as an XML injection attack. XPath works in a
similar manner to SQL, except that it does not have the same levels of access control, and taking
advantage of weaknesses within can return entire documents. The best way to prevent XML injection
attacks is to filter the user’s input and sanitize it to make certain that it does not cause XPath to return
more data than it should. This type of attack is not used to gain access to the Structured Exception
Handler (SEH).
http://searchsecurity.techtarget.com/definition/buffer-overflow
http://en.wikipedia.org/wiki/Session_hijacking
http://searchsecurity.techtarget.com/definition/directory-traversal
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, p. 337