Program Insecurity

  1. What is the difference between a vulnerability and an exploit?

  2. What is a CVE (Common Vulnerabilities and Exposures) alert and when is it emitted?

  3. What is a zero-day attack and when does it occur?

  4. In a “stack smashing attack”,

    • what kind of programming error does the attacker want to exploit?
    • what does the attacker aim to overwrite?
    • what does the attacker aim to inject?
    • when the attack succeeds, what privileges does the attacker get?

Operating System Insecurity

  1. Assuming that the attacker does not have a user account on a machine (nor physical access to the machine), how can he/she attack it? When the attack succeeds, what privileges does the attacker get?

  2. Assuming that the attacker does have an account on the machine (but not physical access), how can he/she attack it? When the attack succeeds, what privileges does the attacker get?

  3. Assuming that the attacker does have physical access to the machine, how can he/she attack it? When the attack succeeds, what privileges does the attacker get?