The learning objective of this lab is twofold. The first part (Terms) is designed to focus our attention
on terms and concepts that we may not know, or know only partially. The second part
(Laboratory) is designed to give you first-hand experience with buffer-overflow vulnerabilities that
may appear in code. A buffer overflow is defined as the condition in which a program attempts
to write data beyond the boundaries of a pre-allocated, fixed-length buffer. This vulnerability can
be used by a malicious user to alter the control flow of the program, leading to the execution of
malicious code. This lab focuses on:
• Identification and remediation of a buffer overflow vulnerability in code
2 Terms
2.1 Tasks
Complete the assigned readings from the Buffer Overflows Module.
Question A
While you read the assigned reading for the Module, list the terms that you have either never
heard before or you may have heard but don’t really know what they mean. There is no
minimum or maximum.
Question B
Explain the following terms in your own words (e.g. what they are, what they do) [1]:
1. root
2. root privilege
3. sudo
4. kernel
5. executable
6. setuid program (or process)
7. shell (e.g. /bin/sh or /bin/bash)
8. shellcode
9. stdio.h (in C programs)
10. #include <stdlib.h> (in C programs)
11. compilation
12. chown
13. return-to-libc attack
You are welcome to find and study the terms from whatever credible sources you want and cite
them, but you need to explain the terms in your own words. Did I mention the answers need to be
in your own words?
[1] Tip: The typical mistake that will get you a zero with this question is doing internet searches, or using the
textbook and copy-pasting definitions and explanations. Please be careful, the objective is to see what you understand
and how you explain the term, not how well you can copy-paste or use Google!
In your answers, indicate your level of engagement (e.g. don't know what it is, know what it is but
never used, used once, used extensively, installed and configured).
1. Have you ever used or installed a software hypervisor like Virtual Box or VMWare?
2. Have you ever used or installed Linux (if so, what distribution)?
3 Laboratory
3.1 Description
In this lab, you are given a program with a potential buffer-overflow vulnerability and tasked with
analyzing, identifying and correcting the vulnerability. A crude description of a buffer overflow is
an attempt, accidental or malicious, to store too much data in an object, causing adverse effects to
the program. In this context, "too much data" is relative to the size and capacity of the "object
storing the data". The "object storing the data" can be anything, ranging from a data structure
(e.g. an array) in modern programming languages to lower-level structures like registers when
programming in assembly. When this happens, the adverse effect may manifest as a program crash
or as a transition of the program to a state that offers an adversary an exploitable vulnerability.
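As an added illustration of the pattern described above (this is not one of the lab's provided code segments), the following shows an unbounded copy into a fixed-length stack buffer next to a corrected version that checks the input length against the destination size before copying. The names NAME_LEN, greet_unsafe, copy_bounded and greet_safe are chosen for this example only.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* fixed-length buffer size, chosen for this example */

/* Vulnerable version (the "before" of the fix). strcpy() copies until the
 * NUL terminator of src, so any src longer than NAME_LEN - 1 characters
 * writes past the end of name[] on the stack: a buffer overflow. */
void greet_unsafe(const char *src)
{
    char name[NAME_LEN];
    strcpy(name, src);                 /* CHANGED BELOW: no bounds check */
    printf("Hello, %s\n", name);
}

/* Corrected helper: the copy is bounded by the destination size, the
 * result is always NUL-terminated, and over-long input is reported
 * instead of being written past the buffer. Returns 0 on success,
 * -1 if src does not fit in dst. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (dst_size == 0) return -1;
    if (len >= dst_size) {             /* need room for the terminating NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);         /* len + 1 copies the NUL as well */
    return 0;
}

/* Corrected version: same behaviour for valid input, rejects the rest.
 * Returns 0 if the name was printed, -1 if the input was too long. */
int greet_safe(const char *src)
{
    char name[NAME_LEN];
    if (copy_bounded(name, sizeof name, src) != 0) {   /* CHANGED: bounded copy */
        fprintf(stderr, "input too long (max %d chars)\n", NAME_LEN - 1);
        return -1;
    }
    printf("Hello, %s\n", name);
    return 0;
}

int main(void)
{
    greet_safe("Ada");                                          /* fits */
    greet_safe("this string is far longer than sixteen bytes"); /* rejected */
    return 0;
}
```

Compiling with warnings enabled (e.g. gcc -Wall) and feeding greet_unsafe a string longer than 15 characters reproduces the crash or corrupted output the task asks you to document; greet_safe reports the over-long input instead.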
3.2 Tasks
1. Select ONE of the provided code segments.
2. Compile [2] and run the code.
Questions
1. Program Analysis:
(a) (5 pts) Describe the expected behavior of the program by reading the code.
(b) (5 pts) Describe the input you used to cause a buffer overflow when you ran the code.
(c) (5 pts) How did the buffer overflow manifest? Provide the exact error you received as
evidence.
2. (20 pts) Identify and describe the buffer overflow problem in the code.
3. (20 pts) Describe how you would prevent the buffer overflow from occurring in the code.
4. (40 pts) Correct the program to eliminate the buffer overflow problem from occurring. In the
provided code, make sure you add comments to indicate what is being changed.
5. (5 pts) Describe the behavior of the corrected progra