Next: 5.1 Metrics
Up: Detecting Format String Vulnerabilities
Previous: 4.4 const Allows Deep
5 Real-World Tests
We tested the effectiveness of cqual on several popular C programs
that are potentially vulnerable to format string attacks. Some of them
had known vulnerabilities; others did not. In all cases, attackers from across
the network have control over some string input to the program. If
this input is used as a format string, a carefully chosen input can
crash the program or give the attacker root access.
Subsections
Umesh Shankar
2001-05-16