Question: can someone explain the vulnerabilities and exploits in this code? There is a class of computer system vulnerabilities and exploits based on format strings. The

can someone explain the vulnerabilities and exploits in this code?

There is a class of computer system vulnerabilities and exploits based on format strings. The following exercise will have you craft an input to exploit a format string vulnerability and crash the program. The vulnerable C source code (badEcho.c) is available via the course website. Download and compile the code under Ubuntu 18.04 LTS. 14. 57 700 Which line of the source code (badEcho.c) contains the vulnerability? 15. [5/__/0] Enter input that causes the program to crash (Segmentation Fault). Hint: You are on the correct track if you can first get the program to output more than what was entered by the user What input did you provide to crash the program? What sequence specifically in the input caused the program to crash? 16. [10/_/0] In your own words describe how your input caused the program to crash? In other words, what did your input cause the program to do that resulted in the crash? Hint: Carefully review the printf(3) man page. Use complete sentences, spelling and grammar count. 17. [10//0] In your own words describe how you can avoid a format string vulnerability when using printf(3)? Use appropriate terminology from the Basic C Programming section of the course. Use complete sentences; spelling and grammar count. // Required includes include include sinclude Winclude // Standard Definitions Library / Standard Library // Standard I/O Library: printf(3), scanf(3) // String Library: strlen(3) // Global Constants and Variables #define MAX_BUFFER LEN 80 // Read in a line, echo the line int nain(int argc, char *arg ) // Declare required variables char buffliner MAX BUFFER LEN) int intReturnStatus : 1/ Perform function scanf("% s buffline); /* scanf(3) is in the printf(3) fanily of library routines, scanf and printf use the same format specifiers. printf writes data to Standard Output, scanf reads in data from Standard Input. See the scanf man page for more infornation ( s nan 3 scanf ). Additionally. printf and scanf each have their own unique formate specifiers. buffline MAX BUFFER LEN - 1] = '\0' // Make sure the character array (string) ts NULL byte terminated; the NULL byte signifies the end of the string printf(buffline); if (buffline strlen( buffline ) - 2 ] 1 'in') printf(" "); // Return return intReturnStatus

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

re Regular Languages and Finite Automata (a) Let L be the set of all strings over the alphabet {a, b} that end in a and do not contain the substring bb. Describe a deterministic finite automaton...

TANGLEWOOD CASEBOOK for use with STAFFING ORGANIZATIONS 5th Ed. Kammeyer-Mueller 1 TANGLEWOOD CASEBOOK To accompany Staffing Organizations, fifth edition, 2006. Prepared by John Kammeyer-Mueller...

BMI App using android studio. Please can someone help me. It's urgent. I have alredy build up the xml file. So don't worry about it. I just need the MainActivity.java and BMIModel.java file. Thanks....

in C++ please ----- In the world of information security and cyber, we are dealing with attempts by hackers (hereinafter - "malicious attack") to break into software systems by various methods. One...

Programming a BlockChain Bitcoin is a cryptocurrency created in 2008 used to perform online payments without requiring a trusted central authority. It is based on a technology that uses a distributed...

This question concerns lexical grammars. (a) Tree Adjoining Grammars contain two types of elementary tree. (i) What are these trees called? [1 mark] (ii) If one were building a grammar for English...

XYZ What is the difference between volatile and nonvolatile memory? Is RAM volatile or nonvolatile? Is ROM volatile or nonvolatile? 7.9 Registers perform a very important role in the fetch-execute...

This question involves the use of AGGREGATE linear PYTHOIN regression on the Auto data set. (a) Perform a simple linear regression with mpg as the response and horsepower as the predictor. Describe...

please help me to find the answer for part 1, part3 and part4 Queensland University of Technology QUT Business School School of Accountancy AYB 339 Accountancy Capstone Integrated Case Study Semester...

See Project 03-01 Assignment Spring 2015.docx Please Help me on this homework i am having some trouble answering it. Product SAP ERP GBI Release 6.04 Level Undergraduate Graduate Focus...

Who should and should not serve on a board of directors (BOD)? Should a BOD strive for diversity in its members? Should the CEO or other insiders be allowed to serve on the BOD? Is industry...

Apply the analysis of Prob. 6.54 to the following data. Let W = 5 m, Y = 8 m, ho =2 m, L = 15 m, D = 5 cm, and = 0. (a) By letting h = 1.5 m and 0.5 m as representative depths, estimate the average...

Depreciation Methods and its tax rate is \ ( 2 5 \ % \ ) . \ begin { tabular } { cll } Year & \ begin { tabular } { c } Scenario 1 \ \ ( Straight Line ) \ end { tabular } & \ begin { tabular } { c }...

P-1) (100 Pts.) A chemical manufacturing company (CMC) has a contract for the procurement of the neccssaly chemicals from four suppliers. The chemicals purchased from Supplier A are priced at $20...

2. What efforts are countries making to reverse the brain drain?

3. Explain the process of job evaluation and comment on how a points rating job evaluation scheme can contribute to perceptions of fairness from the point of view of employees.

3. In your view what are the ethical considerations when employing talented people from a third-world country?