Format String Attack

From Guidance Share
Jump to navigationJump to search

Description

Format string attacks are a new class of vulnerabilities discovered in June of 2000 by Przemysław Frasunek and tf8, previously thought to be harmless. The first exploit which used the new technique allowed an attacker to gain remote root privileges on wu-ftpd 2.6.0. Format string attacks can be used to crash a program or to execute harmful code. The problem stems from the use of unfiltered user input as the format string parameter in certain C functions that perform formatting, such as printf(). A malicious user may use the %s and %x format tokens, among others, to print data from the stack or possibly other locations in memory. One may also write arbitrary data to arbitrary locations using the %n format token, which commands printf() and similar functions to write back the number of bytes formatted to an argument of type int *. By manipulating the stack by using spurious format tokens, this argument can be faked as part of the format string. (http://en.wikipedia.org/wiki/Format_string_attacks)


Impact

  • Examine the stack
  • Overwrite areas of memory leading to an elevation of priviledge or bypassing of logic
  • Execute code on client machine


Vulnerabilities

  • Allowing an untrusted source to manipulate the format string (e.g., format string in printf())


Countermeasures

  • Hard code the format string.
  • Format strings should not contain any user controlled data