Uncontrolled format string: Difference between revisions

The exploits mentioned were not the first privilege escalation issues; they were the first remote root exploits that obtained code execution and then a root shell. Furthermore, added some details about detecting format strings in binaries. (Full disclosure: I was the author of a presentation back then that described scanning binaries for format string bugs; it is referenced from the TESO article, but I felt I should not add a reference to the main page due to conflict-of-interest.)
== Detection in x86-compiled binaries ==
 
Contrary to many other security issues, the root cause of format string vulnerabilities is relatively easy to detect in x86-compiled executables: for <code>printf</code>-family functions, proper use implies a separate argument for the format string and the arguments to be formatted. Faulty uses of such functions can be spotted by simply counting the number of arguments passed to the function; an 'argument deficiency'<ref name="team_teso"/> is then a strong indicator that the function was misused. Counting the number of arguments is often easy on x86 because of a calling convention in which the caller removes the arguments it pushed onto the stack by adding to the stack pointer after the call, so a simple examination of that stack correction yields the number of arguments passed to the <code>printf</code>-family function.
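The counting heuristic above, as an added example that is not part of the article: a small scanner over a constructed, objdump-style 32-bit listing that reads the <code>add esp, N</code> correction after each call into a <code>printf</code>-family function, derives the argument count, and flags calls that pass only the fixed arguments (an argument deficiency). It assumes cdecl with one <code>push</code> per 4-byte argument and the correction immediately after the call; optimizing compilers often merge corrections or fill stack slots with <code>mov</code>, in which case the count is reported as not recoverable rather than guessed.

```python
import re

# Number of fixed parameters up to and including the format string for
# each printf-family function (32-bit x86 cdecl, 4-byte arguments).
FORMAT_FUNCS = {
    "printf": 1, "vprintf": 1,
    "fprintf": 2, "sprintf": 2, "syslog": 2, "vfprintf": 2, "vsprintf": 2,
    "snprintf": 3, "vsnprintf": 3,
}

CALL_RE = re.compile(r"\bcall\b.*?(\w+)(?:@plt)?>?\s*$")
ADD_ESP_RE = re.compile(r"\badd\s+esp\s*,\s*(0x[0-9a-fA-F]+|\d+)")
PUSH_RE = re.compile(r"\bpush\s+(.+?)\s*$")

# Constructed listing (not from a real binary): three calls, the first
# with only a register as format, the second with a constant format.
LISTING = """\
08048450: push   eax
08048451: call   08048320 <printf@plt>
08048456: add    esp,0x4
08048459: push   0x8048500
0804845e: push   ebx
0804845f: call   08048330 <fprintf@plt>
08048464: add    esp,0x8
08048467: push   edx
08048468: push   0x8048520
0804846d: call   08048320 <printf@plt>
08048472: add    esp,0x8
""".splitlines()

def scan_listing(lines):
    """One finding per printf-family call whose stack correction shows
    only the fixed arguments, i.e. nothing to format (argument deficiency)."""
    findings = []
    for i, line in enumerate(lines):
        m = CALL_RE.search(line)
        if not m or m.group(1) not in FORMAT_FUNCS:
            continue
        func, minimum = m.group(1), FORMAT_FUNCS[m.group(1)]
        # The caller's correction right after the call gives the pushed bytes.
        corr = ADD_ESP_RE.search(lines[i + 1]) if i + 1 < len(lines) else None
        if corr is None:
            continue  # correction merged elsewhere; count not recoverable here
        nargs = int(corr.group(1), 0) // 4
        if nargs > minimum:
            continue  # values to format were passed; the format is being used
        # Arguments are pushed right to left, so the format string is the
        # `minimum`-th push counting backwards from the call.
        pushes = [PUSH_RE.search(l).group(1) for l in lines[max(0, i - nargs):i] if PUSH_RE.search(l)]
        fmt = pushes[-minimum] if len(pushes) >= minimum else "?"
        constant = re.fullmatch(r"0x[0-9a-fA-F]+|\d+", fmt) is not None
        findings.append({"addr": line.split()[0].rstrip(":"), "func": func,
                         "nargs": nargs, "fmt": fmt, "constant": constant})
    return findings

if __name__ == "__main__":
    for f in scan_listing(LISTING):
        tag = "constant format (likely benign)" if f["constant"] else "NON-CONSTANT format: review"
        print(f"{f['addr']} {f['func']} nargs={f['nargs']} fmt={f['fmt']} -> {tag}")
```

A call like <code>printf("hello\n")</code> also shows a deficiency, which is why the scanner reports whether the format operand was an immediate so the analyst can triage those first.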