m fixups |
Added Link |
Format string attacks are a new class of [[Exploit_(computer_science)|vulnerabilities]] discovered in June of 2000; the underlying bugs were previously thought harmless. The problem lies in the %n format token of [[C_programming_language|C]]'s <code>[[Printf|printf()]]</code> format strings, which commands <code>printf()</code> to write the number of bytes formatted so far back through the corresponding argument to <code>printf()</code>, assuming that this [[Argument|argument]] exists and is of [[Datatype|type]] int *. [[Software]] that allows unfiltered user input as the first argument to <code>printf()</code> is vulnerable to format string attacks.
This is a common vulnerability: because format bugs were previously thought harmless, they went unfixed and resulted in vulnerabilities in many common tools. [http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=format+string MITRE's CVE project] lists roughly 150 vulnerable programs.
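The following C example is added here for illustration and is not part of the original article. It shows what %n stores, the vulnerable call pattern beside the hardened one, and a scanner that flags %n conversions in untrusted text. All function names and the <code>SHOW_VULNERABLE</code> macro are hypothetical, and the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* What %n does: stores the number of bytes formatted so far through the
 * matching int * argument. The format is a literal, so this is well-defined. */
int bytes_before_n(void) {
    char buf[32];
    int written = -1;
    snprintf(buf, sizeof buf, "hello%n world", &written);
    return written;                      /* 5: length of "hello" */
}

#ifdef SHOW_VULNERABLE
/* Vulnerable pattern from the text: user input is the format string, so any
 * %n or %x in it is interpreted against arguments that do not exist. */
void render_vulnerable(char *out, size_t cap, const char *user) {
    snprintf(out, cap, user);
}
#endif

/* Hardened form: constant format, user input passed only as data. */
int render_safe(char *out, size_t cap, const char *user) {
    return snprintf(out, cap, "%s", user);
}

/* Count conversions in untrusted text that would reach %n if the text were
 * ever used as a format; "%%" is a literal percent sign and is skipped. */
int count_n_conversions(const char *s) {
    int hits = 0;
    while ((s = strchr(s, '%')) != NULL) {
        s++;
        if (*s == '%') { s++; continue; }
        s += strspn(s, "-+ #0123456789.*$hlqjztL");  /* flags, width, length */
        if (*s == 'n') hits++;
    }
    return hits;
}

int main(void) {
    const char *sample = "AAAA %x %hhn";  /* constructed sample input */
    char out[64];
    render_safe(out, sizeof out, sample);
    printf("%d %d [%s]\n", bytes_before_n(), count_n_conversions(sample), out);
    return 0;
}
```

Compilers such as GCC and Clang report the vulnerable call when <code>-Wformat-security</code> is enabled.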
===External Links===
*[http://teso.scene.at/articles/formatstring/ Exploiting Format String Vulnerabilities]
*[http://www.securityfocus.com/archive/1/70552 Excellent Paper on Exploiting Format String Bugs]
*[http://www.securityfocus.com/data/library/format-bug-analysis.pdf Analysis of Format Strings Bugs]
*[http://www.hert.org/papers/format.html Hacker Emergency Response Team - Exploiting Format Strings]