Translate texts with the world's best machine translation technology, developed by the creators of Linguee. Look up words and phrases in comprehensive, reliable bilingual dictionaries and search through billions of online translations. Look up in Linguee Suggest as a translation of "buffer overflow vulnerabilities" Copy. DeepL Translator Linguee.
|Published (Last):||26 February 2007|
|PDF File Size:||18.91 Mb|
|ePub File Size:||14.95 Mb|
|Price:||Free* [*Free Regsitration Required]|
Uncontrolled format string is a type of software vulnerability discovered around that can be used in security exploits. The problem stems from the use of unchecked user input as the format string parameter in certain C functions that perform formatting, such as printf. A typical exploit uses a combination of these techniques to take control of the instruction pointer IP of a process,  for example by forcing a program to overwrite the address of a library function or the return address on the stack with a pointer to some malicious shellcode.
This is a common vulnerability because format bugs were previously thought harmless and resulted in vulnerabilities in many common tools. MITRE's CVE project lists roughly vulnerable programs as of June , and a trend analysis ranks it the 9th most-reported vulnerability type between and Format string bugs most commonly appear when a programmer wishes to output a string containing user supplied data either to a file, to a buffer, or to the user.
The first version interprets buffer as a format string, and parses any formatting instructions it may contain. The second version simply prints a string to the screen, as the programmer intended.
Both versions behave identically in the absence of format specifiers in the string, which makes it easy for the mistake to go unnoticed by the developer. Format bugs arise because C's argument passing conventions are not type-safe. In particular, the varargs mechanism allows functions to accept any number of arguments e. Format string bugs can occur in other programming languages besides C, such as Perl, although they appear with less frequency and usually cannot be exploited to execute code of the attacker's choice.
Format bugs were first noted in by the fuzz testing work done at the University of Wisconsin, which discovered an "interaction effect" in the C shell csh between its command history mechanism and an error routine that assumed safe string input.
Extensive tests with contrived arguments to printf-style functions showed that use of this for privilege escalation was possible. This led to the first posting in September on the Bugtraq mailing list regarding this class of vulnerabilities, including a basic exploit. Many compilers can statically check format strings and produce warnings for dangerous or suspect formats.
Most of these are only useful for detecting bad format strings that are known at compile-time. If the format string may come from the user or from a source external to the application, the application must validate the format string before using it.
Care must also be taken if the application generates or selects format strings on the fly. The -Wformat-nonliteral check is more stringent. Contrary to many other security issues, the root cause of format string vulnerabilities is relatively easy to detect in xcompiled executables: For printf -family functions, proper use implies a separate argument for the format string and the arguments to be formatted.
Faulty uses of such functions can be spotted by simply counting the number of arguments passed to the function; an 'argument deficiency'  is then a strong indicator that the function was misused. Counting the number of arguments is often made easy on x86 due to a calling convention where the caller removes the arguments that were pushed onto the stack by adding to the stack pointer after the call, so a simple examination of the stack correction yields the number of arguments passed to the printf -family function.
Buffer Overflows und Format-String-Schwachstellen : Funktionsweisen, Exploits und Gegenmaßnahmen
To protect your privacy, all features that rely on external API calls from your browser are turned off by default. You need to opt-in for them to become active. All settings here will be stored as cookies with your web browser. For more information see our F. Add open access links from to the list of external document links if available. Privacy notice: By enabling the option above, your browser will contact the API of unpaywall. Although we do not have any reason to believe that your call will be tracked, we do not have any control over how the remote server uses your data.
Books by Tobias Klein
Buffer Overflows und Format-String-Schwachstellen by Tobias Klein
Uncontrolled format string