CompTIA Security+ Question D-1

Which of the following was launched against a company based on the following IDS log? – – [21/May/2012:00:17:20 +1200] “GET
AAA HTTP/1.1″ 200 2731 “
forum/″ “Mozilla/4.0 (compatible;
MSIE 6.0; Windows NT 5.1; Hotbar”

A. SQL injection
B. Buffer overflow attack
C. XSS attack
D. Online password crack

Answer: B

The username should be just a username; instead we can see it’s a long line of text with an HTTP command in it. This is an example of a buffer overflow attack. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information – which has to go somewhere – can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user’s files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.