Content deleted Content added
m Fixing broken securityfocus link + adding an external link to more format string related whitepapers |
LizardWizard (talk | contribs) m Non-breaking space between "int" and "*" |
||
Line 1:
'''Format string attacks''' are a class of [[Exploit_(computer_science)|vulnerabilities]] discovered in [[June 2000]] by [[Przemysław Frasunek]] and [[tf8]], previously thought to be harmless. The first exploit which used the new technique allowed an attacker to gain remote root privileges on [[wu-ftpd]] 2.6.0. Format string attacks can be used to [[Crash_(computing)|crash]] a program or to execute harmful code. The problem stems from the use of unfiltered user input as the format string parameter in certain [[C_programming_language|C]] functions that perform formatting, such as <code>[[Printf|printf()]]</code>. A malicious user may use the %s and %x format tokens, among others, to print data from the stack or possibly other locations in memory. One may also write arbitrary data to arbitrary locations using the %n format token, which commands <code>printf()</code> and similar functions to write back the number of bytes formatted to an argument of [[Datatype|type]] int
This is a common vulnerability due to the fact that format bugs were previously thought harmless and resulted in vulnerabilites in many common tools. [http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=format+string MITRE's CVE project] list roughly 150 vulnerable programs.
| |||