A simple compiler technique used by programmers is to add a terminator ‘canary word’ containing
four letters NULL (0x00), CR (0x0d), LF (0x0a) and EOF (0xff) so that most string operations are
terminated. If the canary word has been altered when the function returns, and the program
responds by emitting an intruder alert into syslog, and then halts what does it indicate?
A.
A buffer overflow attack has been attempted
B.
A buffer overflow attack has already occurred
C.
A firewall has been breached and this is logged
D.
An intrusion detection system has been triggered
E.
The system has crashed
A is the Ans.
Canary value is use to defend against the Buffer Overflow attack. if the canary value terminates then it would be vulnerable to Buffer Overflow attack