Format string attack

from Wikipedia, the free encyclopedia

The term format string attack describes the exploitation of a security hole that was discovered in 1999 by Przemysław Frasunek and tf8.

The first exploit to use this technique allowed an attacker to take control of wu-ftpd 2.6.0. Format string attacks can be used to crash a program or to execute foreign code.

The problem arises from the use of unfiltered user input in certain C functions, such as printf(), which are responsible for outputting formatted text. For example, a malicious user could use the %s and %x formatting tokens to read data from the stack. With the %n token, the number of characters output so far (as an integer) can be written to any location in memory.

This vulnerability is widespread because formatting errors were previously thought to be harmless. It occurs most often when a program is supposed to echo input from the user and the programmer writes printf(buffer) instead of printf("%s", buffer). In the first version, buffer is interpreted as a format string, so any formatting tokens it contains are acted upon; in the second version, the input string is simply output as text.
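The contrast between the two printf() forms, together with a check a defender can apply to text that is about to reach a formatting function, as an added C example that is not part of the article. The function and type names (audit_format, fmt_audit, echo_safe, format_is_inert) and the sample inputs are constructed for this example; the safe form is written with snprintf() so that its result can be inspected by a caller.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Result of auditing a string that might end up as a printf() format. */
typedef struct {
    int conversions;    /* number of % directives other than the literal "%%" */
    bool writes_memory; /* true if any directive is %n, which stores a count */
} fmt_audit;

/* Hypothetical helper (not from the article): walks a string following the
 * shape of a printf conversion specification (flags, field width, precision,
 * length modifier, conversion character) and reports how many directives it
 * contains and whether one of them is %n. Text that is meant to be plain
 * data should come back with conversions == 0. */
fmt_audit audit_format(const char *s)
{
    fmt_audit r = {0, false};
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;            /* "%%" is an escaped percent sign, consumes nothing */
        while (*p && strchr("-+ #0", *p))
            p++;                 /* flags */
        while (*p && ((*p >= '0' && *p <= '9') || *p == '*'))
            p++;                 /* field width ('*' would take an extra argument) */
        if (*p == '.') {
            p++;
            while (*p && ((*p >= '0' && *p <= '9') || *p == '*'))
                p++;             /* precision */
        }
        while (*p && strchr("hlLqjzt", *p))
            p++;                 /* length modifiers such as l, ll, z */
        if (!*p)
            break;               /* lone '%' at end of string: not a directive */
        r.conversions++;         /* *p is the conversion character */
        if (*p == 'n')
            r.writes_memory = true;
    }
    return r;
}

/* The article's two forms: printf(buffer) lets the user's text act as the
 * format string, while printf("%s", buffer) binds it to a %s argument and
 * treats it as data. This is the safe form, using snprintf so the output
 * can be returned to the caller instead of printed. */
int echo_safe(char *out, size_t outsz, const char *user_input)
{
    return snprintf(out, outsz, "%s", user_input);
}

/* Pre-condition a program can impose on input that must reach a formatting
 * function whose format cannot be made a constant (for example a
 * user-selectable message template): accept only strings that request no
 * arguments at all. */
bool format_is_inert(const char *s)
{
    fmt_audit a = audit_format(s);
    return a.conversions == 0 && !a.writes_memory;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the article. */
    const char *samples[] = { "hello, world", "100%% done", "%s %x %x", "%08x%n" };
    char buf[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        fmt_audit a = audit_format(samples[i]);
        echo_safe(buf, sizeof buf, samples[i]);
        printf("input=\"%s\" conversions=%d writes_memory=%s -> echoed as \"%s\"\n",
               samples[i], a.conversions, a.writes_memory ? "yes" : "no", buf);
    }
    return 0;
}
```

Note that echo_safe() reproduces "%s %x %x" and "%08x%n" verbatim, because with a constant format the user's text is never interpreted; audit_format() is only needed where a program cannot keep the format constant, and compilers' -Wformat-security style warnings catch the printf(buffer) pattern itself at build time.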

This type of error is possible only because function calls in C are not type-safe: a variable number of arguments is permitted, and no check is made that the number and type of the parameters the called function reads match those the caller actually passed.
