What type of exploited vulnerability allows more input than the program has allocated space to store it?

A.
Symbolic links

B.
File descriptors

C.
Kernel flaws

D.
Buffer overflows

Explanation:
D: Poor programming practices allow more input than the software has allocated space to store it. This overwrites data or program memory after the end of the
allocated buffer, and sometimes it allows the attacker to inject program code and then cause the processor to execute it in what is called a buffer overflow. This
gives the attacker the same level of access as that held by the software that was successfully attacked. If the program was run as an administrative user or by the
system itself, this can mean complete access to the system. Good programming practice, automated source code scanners, enhanced programming libraries, and
strongly typed languages that disallow buffer overflows are all ways of reducing this type of vulnerability.
+ A is incorrect because a symbolic link is a stub file that redirects access to system files or data to another place. If an attacker can compromise the symbolic
link, then the attacker may be able to gain unauthorized access. (Symbolic links are used in Unix and Linux type systems.) This may allow the attacker to damage
important data and/or gain privileged access to the system. A historical example of this was to use a symbolic link to cause a program to delete a password
database, or replace a line in the password database with characters that, in essence, created an unpassworded root-equivalent account. Programs, and
especially scripts, must be written to assure that the full path to the file cannot be circumvented.
+ B is incorrect because file descriptors are exploited if a program makes unsafe use of a file descriptor and an attacker is able to cause unexpected input to be
provided to the program, or cause output to go to an unexpected place with the privileges of the executing program. File descriptors are numbers many operating
systems use to represent open files in a process. Certain file descriptor numbers are universal, meaning the same thing to all programs. Good programming
practices, automated source code scanners, and application security testing are all ways of reducing file descriptor attacks.
+ C is incorrect because kernel flaws are problems that occur below the level of the user interface, deep inside the operating system. Flaws in the kernel that can
be reached by an attacker, if exploitable, give the attacker the most powerful level of control over the system. It is important to ensure that security patches to
operating systemsafter sufficient testingare promptly deployed in the environment to keep the window of vulnerability as small as possible.