CompTIA Security+ (SY0-501) — Question 1043
During a routine vulnerability assessment, the following command was successful:
echo "vrfy 'perl -e 'print "hi" x 500 ' ' " | nc www.company.com 25
Which of the following vulnerabilities is being exploited?
Answer options
- A. Buffer overflow directed at a specific host MTA
- B. SQL injection directed at a web server
- C. Cross-site scripting directed at www.company.com
- D. Race condition in a UNIX shell script
Correct answer: A
Explanation
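The command pipes a 'vrfy' request to port 25 on www.company.com, the SMTP port where the mail transfer agent (MTA) listens. The argument to 'vrfy' is generated by Perl: the string "hi" repeated 500 times. Sending that much data as a single argument exploits a buffer overflow vulnerability in the MTA, because the input can exceed the buffer allocated to hold it. The other options (SQL injection, cross-site scripting, and a race condition) describe different types of vulnerabilities that do not apply to the command being executed.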