Virtual Labs

What is a format string vulnerability?

a: A type of vulnerability where user input is incorrectly formatted for display. Explanation

Explanation

b: A security flaw where user input is used as a format string in functions like printf, potentially allowing unauthorized access to memory. Explanation

Explanation

c: A vulnerability that occurs when a program fails to encrypt data properly. Explanation

Explanation

d: A bug that results in incorrect data being sent over a network. Explanation

Explanation

Which function is commonly associated with format string vulnerabilities?

a: scanf Explanation

Explanation

b: strcpy Explanation

Explanation

c: printf Explanation

Explanation

d: fopen Explanation

Explanation

What can be a consequence of exploiting a format string vulnerability?

a: The application might crash or behave unexpectedly. Explanation

Explanation

b: Sensitive data may be exposed from memory. Explanation

Explanation

c: Unauthorized code execution may occur. Explanation

Explanation

d: All of the above Explanation

Explanation

Which of the following is an example of unsafe code that could lead to a format string vulnerability?

a: printf(user_input); Explanation

Explanation

b: printf("%s", user_input); Explanation

Explanation

c: snprintf(buffer, sizeof(buffer), "%s", user_input); Explanation

Explanation

d: puts(user_input); Explanation

Explanation

What does the `%x` format specifier do when used in a format string attack?

a: Prints an integer in decimal format. Explanation

Explanation

b: Prints the memory content in hexadecimal format. Explanation

Explanation

c: Executes shell commands. Explanation

Explanation

d: Encrypts user input. Explanation

Explanation

Which security mechanism can help mitigate format string vulnerabilities?

a: Address Space Layout Randomization (ASLR) Explanation

Explanation

b: Disabling printf in all programs Explanation

Explanation

c: Using only numeric input in programs Explanation

Explanation

d: Granting programs root privileges Explanation

Explanation

Format String Vulnerabilities