When considering all the reasons that buffer overflow vulnerabilities exist, what is the real reason?
A. Human error
B. The Windows Operating system
C. Insecure programming languages
D. Insecure Transport Protocols
Explanation:
The human error in this answer is poor programming by the software developer.
A buffer overflow takes place when too much data are accepted as input to a specific process. A buffer is an
allocated segment of memory. A buffer can be overflowed arbitrarily with too much data, but for it to be of any
use to an attacker, the code inserted into the buffer must be of a specific length, followed up by commands the
attacker wants executed.
When a programmer writes a piece of software that will accept data, this data and its associated instructions
will be stored in the buffers that make up a stack. The buffers need to be the right size to accept the inputted
data. So if the input is supposed to be one character, the buffer should be one byte in size. If a programmer
does not ensure that only one byte of data is being inserted into the software, then someone can input several
characters at once and thus overflow that specific buffer.
Incorrect Answers:
B: The Windows Operating system does not cause buffer overflow vulnerabilities.
C: Insecure programming languages do not cause buffer overflow vulnerabilities.
D: Insecure Transport Protocols do not cause buffer overflow vulnerabilities.
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 332