Consider the following C code: void greet {char *arg) { char buffer [16]: printf
ID: 3885084 • Letter: C
Question
Consider the following C code: void greet {char *arg) { char buffer [16]: printf("I am the Senate. What is your name? "): scanf("%s", buffer): printf("It's treason then, %s ", buffer): } int main(int arge char *argv[]) { char beg [6] = 'Kenobi': char end [9] = 'maybe not?': strncat(beg, end, 5): greet(argv[1]): return 0: } What is the line number that has a memory vulnerability and what is this vulnerability called? Just before the program executes line 4, the registers are: %esp: 0xBFFFFB20 %ebp: 0xBFFFFB48 Given this information, describe in detail how an attacker would take advantage of the vulnerability. Also make sure to include the address that the attacker needs to over-write. (Maximum 5 sentences) What would you change to fix the problem in part 1? Given the code as is, would stack canaries prevent exploitation of this vulnerability? Why or why not?Explanation / Answer
line number 4 has memory vulnerability. The attack is called Buffer Overflows. They attack with giving long strings in inputs. They will create the overflow of memory values which will override the program-data and it would cause the loss of data and un-stability of machine. The attacker needs to override the address beyond 0xBFFFFB49 to the long limit. we would need to limit the scan range to the buffer range. Like this: scanf("%15s", buffer); Yes, the stack canaries can be used to prevent the exploitation of this vulnerability because the "buffer" variable is declared with size so it is a static array. In C, static arrays are stored on stack. if we had dynamic array then this wouldn't have helped because dynamic arrays are stored in heap memory.