Uncontrolled format string

The term describes the format string attack, which exploits a vulnerability discovered in 1999 by Przemysław Frasunek and TF8.

The first exploit that took advantage of this technique allowed an attacker to take control of wu-ftpd 2.6.0. Format string attacks can be used to crash a program or to execute arbitrary code.

The problem stems from passing unfiltered user input to certain C functions, such as printf(), that produce formatted output. A malicious user could, for example, use the format tokens %s and %x to read data from the stack. With the %n token, the number of characters output so far can be written (as an integer) to an arbitrary location in memory.

This vulnerability is widespread because it arises from a formatting idiom that was previously considered harmless. It most often occurs when a program is meant to echo user input and the programmer writes printf(buffer) instead of printf("%s", buffer). In the first version, buffer is interpreted as a format string containing formatting tokens; in the second version, the input string is simply printed.
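The two calls from the paragraph above side by side, as an added example that is not part of the original article; snprintf is used instead of printf so the output can be captured, and the names echo_unsafe and echo_safe are assumed here:

```c
#include <stdio.h>
#include <string.h>

/* The vulnerable idiom: the user-controlled buffer is passed as the format
 * argument itself, so every %-directive in it is interpreted by the
 * formatting routine, with no arguments on the stack to back them. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
int echo_unsafe(char *out, size_t outlen, const char *user_input)
{
    /* gcc/clang -Wformat-security flags exactly this call (non-literal
     * format with no arguments); the pragma only keeps this demo
     * compiling under -Werror. In a code base, treat the warning as a bug. */
    return snprintf(out, outlen, user_input);
}
#pragma GCC diagnostic pop

/* The corrected idiom: a constant format string, the input is only data. */
int echo_safe(char *out, size_t outlen, const char *user_input)
{
    return snprintf(out, outlen, "%s", user_input);
}

/* Constructed input containing a %-sequence. "%%" is chosen because its
 * interpretation is well defined (it consumes no missing argument),
 * which is enough to show that the unsafe variant parses directives. */
static const char SAMPLE_INPUT[] = "100%% done";

int main(void)
{
    char a[64], b[64];
    echo_unsafe(a, sizeof a, SAMPLE_INPUT);
    echo_safe(b, sizeof b, SAMPLE_INPUT);
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return 0;
}
```

The unsafe variant prints "100% done" because it consumed the directive, while the safe variant prints the input verbatim.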

This type of error is possible because function calls in C are not type-safe: a variable number of parameters is allowed without any check that the number and type of the parameters read match those actually passed.
