FormatGuard: Automatic Protection From printf Format String Vulnerabilities (2001) [93 citations — 3 self]

by Crispin Cowan, Matt Barringer, Steve Beattie, Greg Kroah-Hartman, Mike Frantzen, Jamie Lokier

Abstract:

"format bugs" was discovered when a vulnerability in WU-FTP appeared that acted almost like a buffer overflow, but wasn't. Since then, dozens of format string vulnerabilities have appeared. This paper describes the format bug problem, and presents FormatGuard: our proposed solution. FormatGuard is a small patch to glibc that provides general protection against format bugs. We show that FormatGuard is effective in protecting several real programs with format vulnerabilities against live exploits, and we show that FormatGuard imposes minimal compatibility and performance costs.

Citations

1052 The C Programming Language – Kernighan, Ritchie - 1978
310 StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks – Cowan, Pu, et al. - 1998
254 A first step towards automated detection of buffer overrun vulnerabilities – Wagner, Foster, et al. - 2000
127 Transparent Run-Time Defense Against Stack Smashing Attacks – Baratloo, Singh - 2002
86 Lackwit: A program understanding tool based on type inference – O’Callahan, Jackson - 1997
18 Protecting Systems from Stack Smashing Attacks with StackGuard. Submitted for review – Cowan, Beattie, et al. - 1998
11 PScan: A limited problem scanner for C source files. http://www.striker.ottawa.on.ca/~aland/pscan – DeKok - 2000
9 The Cracker Patch Choice: An Analysis of Post Hoc Security Techniques – Cowan, Hinton, et al. - 2000
9 Why Pascal is not my Favorite Programming Language – Kernighan - 1981
5 Very probable remote root vulnerability in cfengine. BugTraq Mailing List. http://www.securityfocus.com/archive/1/136751 – Savola - 2000
5 remote format string stack overwrite vulnerability. Bugtraq vulnerability 1387 – Wu-Ftpd - 2000
2 Format Bugs in Windows Code. Vuln-dev mailing list, http – Cowan - 2000
2 Format String Attacks. Bugtraq mailing list, http – Newsham - 2000
1 xlock (exec) Input Validation Error. Bugtraq mailing list, http://www.securityfocus.com/vdb/bottom.html?vid=1585 – “bind” - 2000
1 Format String Vulnerability. http://plan9.hert.org/papers/format.html – Bouchareine - 2000
1 User Supplied Format String Bug. http://julianor.tripod.com/usfs.html – Bouchareine - 2000
1 Poor Man’s Solution to Format Bugs. Vuln-dev mailing list, http://www.securityfocus.com/archive/1/72118 – Frantzen - 2000
1 Varargs macros subtly broken. GCC mailing list, http://gcc.gnu.org/ml – Lokier - 2000
1 stake Advisory: PHP3/PHP4 Logging Format String Vulnerability (A 1012001). Bugtraq mailing list, http://www.securityfocus.com/archive/1/139259 – Pond” - 2000
1 statdx2 - linux rpc.statd revisited. Bugtraq mailing list, http://marc.theaimsgroup.com/?l=bugtraq&m=97123424719960&w=2 – “ron1n” - 2000
1 Automated Detection of FormatString Vulnerabilities – Shankar, Talwar, et al. - 2001
1 Exploit for proftpd 1.2.0pre6. Bugtraq mailing list, http://www.securityfocus.com/templates/archive.pike?list=1&mid=28143 – Twillman - 1999
1 LPRng remote root exploit. Bugtraq mailing list, http://marc.theaimsgroup.com/?l=bugtraq&m=97683900820267&w=2 – “venomous” - 2000
1 BitchX - more on format bugs? Bugtraq mailing list, http://www.securityfocus.com/archive/1/68256 – Verituse” - 2000