Homework 5, Programmer Errors.

Short Description:

Gain a better understanding of software vulnerabilities.

Goals

When you finish this homework, you should have:

Formal Description

Please provide your answers in a Word document. Answers should be complete and not minimalistic. Please be professional in your answers.
  1. Stack Overflow
    1. Describe the properties of a program that is vulnerable to a stack overflow attack.
    2. Describe how data is placed in a simple stack overflow attack. What is this data?
    3. Describe what occurs in a simple stack overflow attack. Use your answer from the first two parts.
  2. CVE-2019-15142 is a vulnerability in the processing of the DJVU file format.
    The vulnerability allows a remote attacker to perform a denial of service attack.

    The vulnerability exists due to a boundary error when processing DJVU files in DjVmDir.cpp in DjVuLibre. A remote attacker can create a specially crafted DJVU file, trick the victim into opening it, trigger a heap-based buffer overflow and crash the application using the affected library (https://www.cybersecurity-help.cz/vdb/SB2021122901).

    This library uses the strdup function call. Describe what you believe is happening based on your buffer overflow knowledge.

    When solving this problem

  3. Please read Reflections on Trusting Trust by Ken Thompson.
    1. What is the author proposing in the portion labeled Stage III? Describe this in your own words at a level your fellow students would understand.
    2. What is the author saying in the section labeled Moral?
    3. This article was written quite a while ago. Is the Moral section still germane today? Why or why not?

Required Files

A document containing the answers to the above questions.

Submission

Submit the assignment to the D2L folder homework 5.