Format-String Vulnerabilities: An adversary is attacking a program with the code

Question

Format-String Vulnerabilities:

An adversary is attacking a program with the code:

1. Rewrite the above line of code so that it is not subject to a format string vulnerability.

2. Say that the adversary enters as input AAAA %x %x %x %x %x %x %x and sees

AAAA 0 0 0 0 5 bfff00a4 41414141

displayed to the screen. Based on this, what can the adversary enter as input if he wants to read from

address 0x43434343 ? (Note: attempting to read from this address might cause an error, but that's ok.)

Explanation / Answer

printf(s) is vulnerable to attack.Because with the help of this attacker may able to find address of data in stack.So,to avoid this we can write above statement as:

printf("%s",s)

Where %s is format specifier for printing string.

Related Questions

Navigate

• Browse (All)
• Browse F
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.