Format-string exploits

Jan 05, 2026

210 likes | 345 Vues

This presentation from ICSE 2005 focuses on the automatic discovery of API-level exploits, particularly through the lens of format-string vulnerabilities. An exploit is defined as a sequence of operations that successfully targets a software vulnerability—a defect in a software package that leads to unintended behavior. Understanding these concepts is crucial for developers and security experts aiming to safeguard applications against potential attacks. This work emphasizes the need for robust mechanisms to identify and address vulnerabilities automatically.

Share Presentation

Embed Code

sereno

Télécharger la présentation

Format-string exploits

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

Format String Attacks

Team BAM! Scott Amack, Everett Bloch, Maxine Major. Format String Attacks. Overview. What is a Format String Attack? About Format Strings Anatomy of an Attack History Current Events Demo Conclusions. What are Format String Attacks?.

1.38k views • 25 slides

Common Exploits

Common Exploits. Aaron Cure Cypress Data Defense. SQL Injection. What is it? The inclusion of portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g., dump the database contents to the attacker).

456 views • 28 slides

Exploits Buffer Overflows and Format String Attacks

Exploits Buffer Overflows and Format String Attacks. David Brumley Carnegie Mellon University. You will find a t least one error on each set of slides. :). An Epic Battle. White. Black. vs. format c:. Find Exploitable Bugs. Bug. White. Black. format c:. OK. Exploit.

936 views • 72 slides

Buffer Overflow Attacks and Format String bugs

Buffer Overflow Attacks and Format String bugs. Buffer overflows. Extremely common bug. First major exploit: 1988 Internet Worm. fingerd. 10 years later: over 50% of all CERT advisories: 1997: 16 out of 28 CERT advisories. 1998: 9 out of 13 -”-

405 views • 26 slides

Buffer Overflow Exploits

Buffer Overflow Exploits. Taken shamelessly from: http://www.cs.rpi.edu/~hollingd/netprog/overflow.ppt. Serious Stuff. Try a web search for “buffer overflow exploit” “Smashing the Stack for Fun and Profit”

504 views • 27 slides

Exploits

Exploits. #define MAX_PASSLEN 10 #define PASSWORD_OK 1 #define PASSWORD_FAIL 2 void set_password(char *pass) { FILE *f = get_password_file(); fprintf(f, pass); } int authenticate() { FILE *f = get_password_file(); char userpass[MAX_PASSLEN]; char secret[MAX_PASSLEN];

113 views • 4 slides

Exploits

Exploits. Dalia Solomon. Categories. Trojan Horse Attacks Smurf Attack Port Scan Buffer Overflow FTP Exploits Ethereal Exploit Worm Virus Password Cracker DNS Spoofing. Trojan Horse attacks.

767 views • 39 slides

Format String Protection

Format String Protection. David Brumley Sam Wu June 12 th , 2002. Format String Attack Basis. Similar to buffer overflow attacks, it relies on altering flow of control to attacking code Unlike buffer overflow attacks, it takes advantage of C variable argument macros

393 views • 22 slides

Exploiting Format String Vulnerabilities

Exploiting Format String Vulnerabilities. Scut/team teso. Outline. Introduction The format functions Format string vulnerabilities Variations of Exploitation Conclusion. Buffer Overflow. Format String. public since. mid 1980's. June 1999. danger realized. 1990's. June 2000.

656 views • 26 slides

Detecting Format String Vulnerabilities with Type Qualifier

Detecting Format String Vulnerabilities with Type Qualifier. Umesh Shankar, Kunal Talwar, Jeffrey S. Foster, David Wanger University of California at Berkeley. Format String Bugs. I/O functions in C use format strings printf(“%s”, buf) print buf as string But you can also do

459 views • 31 slides

TCP Exploits

TCP Exploits. We will discuss several exploits based on the design weaknesses of TCP. UDP Connectionless. Header is simple. Fake a UDP packet is easy. TCP Connection based. More complicated header with sequence number. Fake a TCP packet is more difficult. Revision of TCP/IP Architecture.

748 views • 60 slides

Buffer Overflow Exploits

CS 378. Buffer Overflow Exploits. Vitaly Shmatikov. The Tao of Windows Buffer Overflow. as taught by DilDog Ninja Strike Force (Cult of the Dead Cow) Sensei of the Undocumented Opcode. Throughout these ages our operating systems infested by bugs

519 views • 26 slides

Exploits

Exploits . By Hon Ching Lo. 1. Buffer Overflow 2. Virus & Worms 3. The “stacheldraht” distributed denial of service attack tool. Stack Buffer Overflow Basics. Lower memory addresses. A process in memory: - text (Program code; marked read-only, so any attempts to

595 views • 49 slides

TCP Exploits

636 views • 60 slides

Buffer Overflow Attacks and Format String bugs

316 views • 26 slides

Buffer Overflow Exploits

Buffer Overflow Exploits. CS-480b Dick Steflik. What is a buffer overflow?. Memory global static heap malloc( ) , new Stack non-static local variabled value parameters Buffer is a contiguously allocated chunk of memory

178 views • 16 slides

Exploits

68 views • 4 slides

Exploits

514 views • 49 slides

Exploiting Format String Vulnerabilities

Exploiting Format String Vulnerabilities. Paper by: Scut/team teso September 1, 2001. Presentation by: David Allen October 05, 2005. Overview. Exploit of the ANSI C format functions. Occurs when attacker can provide the format string in part or as a whole. Proper Use:

181 views • 14 slides

Format String Vulnerabilities

Paper by: Scut/team teso September 1, 2001. Format String Vulnerabilities. Overview. Exploit of the ANSI C format functions. Occurs when attacker can provide the format string in part or as a whole. Proper use: Vulnerable use:. print_msg( char *msg ) { printf( "%s ", msg ); }

197 views • 13 slides

More Related