Revision as of 19:00, 7 April 2004 edit 62.134.120.103 (talk) No edit summary ← Previous edit		Revision as of 19:38, 14 May 2004 edit undo 130.238.186.108 (talk) +syslog Next edit →
Line 1: Format string attacks are a new class of [[Exploit_(computer_science)\|vulnerabilities]] discovered in June of 2000 previously thought harmless. The problem exists in the %n format token for [[C_programming_language\|C]]'s <code>[[Printf\|printf()]]</code> format strings that commands <code>printf()</code> and similar functions to write back the number of bytes formatted to the same argument to <code>printf()</code>, assuming that the corresponding [[Argument\|argument]] exists, and is of [[Datatype\|type]] int * . [[Software]] that allows unfiltered user input as the first argument to <code>printf()</code> is vulnerable to format string attacks. This is a common vulnerability due to the fact that format bugs were previously thought harmless and resulted in vulnerabilites in many common tools. [http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=format+string MITRE's CVE project] list roughly 150 vulnerable programs. Line 9: [[sprintf]] [[snprintf]] *[[syslog]] ==References==

Uncontrolled format string: Difference between revisions