Textbook Problems

• Chapter 10: 10.3, 10.4, 10.5 (use shellcode from in-out demonstration), 10.8, 10.10 – 10.14
• Chapter 6: 6.1, 6.2, 6.4 – 6.14
• Chapter 8: 8.1, 8.8

Additional Problems

1. This is an example of a different type of buffer overflow vulnerability. How can one get the program to grant “root privileges” without knowing the correct password? Is the attack blocked by any of the three buffer overflow defenses that we discussed in class? (code example from www.thegeekstuff.com)

    
       #include <stdio.h>
       #include <string.h>   
       int main(void) { 
          int pass = 0; 
          char buff[15]; 
          printf("Enter the password: "); 
          gets(buff); 
          if( strcmp(buff, "thegeekstuff") ) { 
             printf ("\nWrong Password\n"); 
          } else { 
             printf ("\nCorrect Password\n"); 
             pass = 1; 
          } 
          if(pass) { 
            /* Now Give root or admin rights to user*/ 
            printf ("\nRoot privileges given to the user\n"); 
          } 
          return 0; 
       }
   

2. Suppose an antivirus product has a 95% detection rate for the Brookly.99 virus; that is, given a file infected with the virus the software will detect the virus with probability .95. In addition, suppose the software has a 2% false positive rate, so that if a file is not infected, there is still a .02 probability that the software will indicate that it is infected. It is known Brooklyn.99 has infected 0.1% of all executable files. If the antivirus software indicates that a file is infected, what is the probability that it is actually infected?
   
   You will need to use Bayes' Theorem:
   

   
                        P(B|A)
     P(A|B) =  ---------------------------
               P(B|A) P(A) + P(B|A') P(A')
   

   where A and B are events, and A' is the complement of A.