Content deleted Content added
m wikilink for type safety |
No edit summary |
||
Line 1:
Format string attacks are a new class of [[Exploit_(computer_science)|vulnerabilities]] discovered in June of 2000 by [[Przemysław Frasunek]] and [[tf8]], previously thought harmless. The first exploit which used new technique allowed to gain remote root privileges on [[wu-ftpd]] 2.6.0. Format string attacks can be used to [[Crash_(computing)|crash]] a program or to execute harmful code. The problem stems from the use of unfiltered user input as the format string parameter in certain [[C_programming_language|C]] functions that perform formatting, such as <code>[[Printf|printf()]]</code>. A malicious user may use the %s and %x format tokens, among others, to print data from the stack or possibly other locations in memory. One may also write arbitrary data to arbitrary locations using the %n format token, which commands <code>printf()</code> and similar functions to write back the number of bytes formatted to the same argument to <code>printf()</code>, assuming that the corresponding [[Argument|argument]] exists, and is of [[Datatype|type]] int * .
This is a common vulnerability due to the fact that format bugs were previously thought harmless and resulted in vulnerabilites in many common tools. [http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=format+string MITRE's CVE project] list roughly 150 vulnerable programs.
Line 17:
==External links==
*[http://marc.theaimsgroup.com/?l=bugtraq&m=96179429114160&w=2 The first format string exploit]
*[http://teso.scene.at/articles/formatstring/ Exploiting Format String Vulnerabilities]
*[http://www.securityfocus.com/archive/1/70552 Excellent Paper on Exploiting Format String Bugs]
| |||