Which of the following vulnerabilities can lead to unexpected system behavior, including the bypassing of security controls, due to differences between the time of commitment and the time of execution?
It IS race condition... Now you see why this test has only a 65% 1st attempt pass rate? They read the material, then state emphatically that it is a buffer overflow!!
It's definitely Race Condition.
A race condition arises in software when a computer program, to operate properly, depends on the sequence or timing of the program's processes or threads. Critical race conditions cause invalid execution and software bugs. Critical race conditions often happen when the processes or threads depend on some shared state.
lol looks like D...
Race conditions occur when the outcome from execution processes is directly dependent on the order and timing of certain events, and those events fail to execute in the order and timing intended by the developer. A race condition vulnerability is typically found where multiple threads are attempting to write a variable or object at the same memory location. Race conditions have been used as an anti-virus evasion technique. In 2016, the Linux® kernel was discovered to have an exploitable race condition vulnerability, known as Dirty COW (https://www.theregister.co.uk/2016/10/21/linux_privilege_escalation_hole).
This type of vulnerability is mitigated by ensuring that a memory object is locked when one thread is manipulating it.
Reference:
1. COM501B
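The check-then-act gap and the locking mitigation described in the comment above, shown as an added example that is not part of the original thread. The `Account` class, the function names and the `gap` delay are constructed for illustration.

```python
import threading
import time


class Account:
    def __init__(self, balance):
        self.balance = balance
        self.lock = threading.Lock()


def withdraw_unsafe(acct, amount, gap=0.05):
    # Time of check: the control (sufficient funds) is evaluated here.
    if acct.balance >= amount:
        time.sleep(gap)  # constructed delay that widens the race window
        # Time of use: another thread may have changed the balance since the check.
        acct.balance -= amount
        return True
    return False


def withdraw_locked(acct, amount, gap=0.05):
    # Check and update run under one lock, so no other thread can
    # modify the balance between them.
    with acct.lock:
        if acct.balance >= amount:
            time.sleep(gap)
            acct.balance -= amount
            return True
        return False


def run_two(withdraw, start=100, amount=100):
    """Run two concurrent withdrawals against an account funded for only one."""
    acct = Account(start)
    approvals = []

    def worker():
        approvals.append(withdraw(acct, amount))

    threads = [threading.Thread(target=worker) for _ in range(2)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return acct.balance, sorted(approvals)


if __name__ == "__main__":
    print("unsafe:", run_two(withdraw_unsafe))  # both withdrawals approved
    print("locked:", run_two(withdraw_locked))  # second withdrawal refused
```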
A race condition attack happens when a computing system that’s designed to handle tasks in a specific sequence is forced to perform two or more operations simultaneously. This technique takes advantage of a time gap between the moment a service is initiated and the moment a security control takes effect. HMMMM thinking it is race conditions
Attacker would use a buffer-overflow exploit to take advantage of a program that is waiting on a user’s input.
https://www.geeksforgeeks.org/buffer-overflow-attack-with-example/
The difference between the time of commitment and execution is the definition of race condition...though knowing CompTIA they'd probably want buffer overflow.
Security vulnerabilities caused by race conditions
When a program that is designed to handle tasks in a specific sequence is asked to perform two or more operations simultaneously, an attacker can take advantage of the time gap between when the service is initiated and when a security control takes effect in order to create a deadlock or thread block situation.
Is buffer overflow, here's the definition:
Buffer overflow protection is any of various techniques used during software development to enhance the security of executable programs by detecting buffer overflows on stack-allocated variables, and preventing them from causing program misbehavior or from becoming serious security vulnerabilities.
The key phrase of the question is "unexpected system behavior"
DUDE!
“differences between the time of commitment and the time of execution” is your KEY
The race condition can lead to privilege escalation too!
Answer D is definite!
MM 501 talks about RC as simultaneous not differential. The closest support I could find is actually for B Dll Injection:
"DLL injection is a technique used by bad actors to get users to run malicious code. The code runs in the address space of another process and loads a malicious DLL. Once the DLL runs, all the usual impacts come into play: system control is one of the most common" Meyer's Sy0-501 p 477 Race condition indicates simultaneous, not differential: "Sometimes the effect of two or more simultaneous transactions can result in undesired results called a race condition."
It looks like a pointer dereference to me:
https://stackoverflow.com/questions/4955198/what-does-dereferencing-a-pointer-mean
Reviewing the basic terminology
TriBiT (Highly Voted, 4 years, 7 months ago)
who__cares123456789___ (4 years, 4 months ago)
SQLinjector (Highly Voted, 4 years, 5 months ago)
AbdullahMohammad251 (Most Recent, 1 year ago)
Dion79 (4 years ago)
Aarongreene (4 years, 1 month ago)
Bennydee (4 years, 2 months ago)
kotal6969 (4 years, 2 months ago)
0mega1 (4 years, 2 months ago)
Dimitricl (4 years, 4 months ago)
Cryptomike87 (4 years, 1 month ago)
Groove120 (4 years, 4 months ago)
agapetus (4 years, 5 months ago)
Herbie1995 (4 years, 5 months ago)
jbnkb (4 years, 6 months ago)
dgse (4 years, 6 months ago)
pnikoul (4 years, 7 months ago)