PrepAway - Latest Free Exam Questions & Answers

Which of the following types of attack makes use of unfiltered user input as the format string
parameter in the printf() function of the C language?

A. buffer overflows

B. format string vulnerabilities

C. integer overflow

D. code injection

E. command injection

F. None of the choices.

Explanation:

Format string attacks are a new class of vulnerabilities recently discovered. They can be used to
crash a program or to execute harmful code. The problem stems from the use of unfiltered user
input as the format string parameter in certain C functions that perform formatting, such as
printf(). A malicious user may use the %s and %x format tokens, among others, to print data from
the stack or possibly other locations in memory. One may also write arbitrary data to arbitrary
locations using the %n format token.
