Udaya Shyama Pallathadka Ganapathi Bhat CSCE 548 Student Presentation


1 Udaya Shyama Pallathadka Ganapathi Bhat CSCE 548 Student Presentation
Format string problems
24 Deadly Sins of Software Security (Michael Howard, David LeBlanc, John Viega)

2 Technical Overview
What is a format string? [1]
It consists of:
- A format function, like printf, scanf
- A format string parameter, like %x, %s
- A format string, as in printf("The magic number is: %d\n", 1911);
A format string exploit happens when input is evaluated as a command by the application.

3 Technical Overview
- What is the root cause of format string bugs?
- Who is responsible for it?
- Which are the most vulnerable coding languages?
- What could be the result of exploitation?

4 Technical Overview
Any application that takes input from the user and passes it to a formatting function is potentially at risk. [2]
Common mistakes developers make that lead to this sin:
- Failing to properly validate user input
- Giving the user the freedom to provide format strings as input
- Failing to protect files using proper ACLs

5 Examples (Demo)
- Viewing the stack
- Crashing the program (DoS attack)
- Viewing the memory at any location
- Writing data to any arbitrary memory location
Note: A live demonstration of the above attacks will be shown during the presentation on a command prompt with a C compiler. [3]

6 Examples (Demo)
Source: [2]

7 Spotting the sin [2]
- If an application takes user input and passes it to a formatting function, then it is potentially at risk
- Understand the importance of code review to spot the sin
- Pass format specifiers into the application and see if hexadecimal values are returned
- Check for variable length of format strings

8 Redemption steps [2]
- Never pass user input directly to a formatting function
- Do use fixed string formats or a format string from a trusted source
- Do heed the warnings and errors that you receive upon compiling the code

9 Redemption steps [2]
- Check and limit locale to valid values
- Avoid the printf family of functions if possible
- Consider using higher-level languages that tend to be less vulnerable to this issue
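
The redemption steps above, as an added example that is not part of the original slides: a printf-style wrapper annotated so the compiler checks its callers, the sinful call beside the fixed-format call, and a small checker for the "spotting" step. The names log_line, greet_unsafe, greet_safe, count_conversions and DEMO_UNSAFE are hypothetical, and the sample input is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#if defined(__GNUC__)  /* GCC/Clang: make -Wformat check callers of the wrapper */
#define PRINTF_LIKE(f, a) __attribute__((format(printf, f, a)))
#else
#define PRINTF_LIKE(f, a)
#endif

/* Hypothetical application wrapper around the printf family. */
PRINTF_LIKE(3, 4) int log_line(char *out, size_t n, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

#ifdef DEMO_UNSAFE
/* The sin: user input becomes the format string. Not built by default;
 * gcc -DDEMO_UNSAFE -Wformat -Wformat-security reports this call. */
int greet_unsafe(char *out, size_t n, const char *user) {
    return log_line(out, n, user);
}
#endif

/* Redemption: the format is a fixed literal, user input is only data. */
int greet_safe(char *out, size_t n, const char *user) {
    return log_line(out, n, "user said: %s", user);
}

/* Review/test aid: count '%' conversion introducers; "%%" is a literal. */
int count_conversions(const char *s) {
    int count = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%') continue;
        if (s[i + 1] == '%') { i++; continue; }
        count++;
    }
    return count;
}

int main(void) {
    char buf[64];
    const char *sample = "%x %x %s";  /* constructed input containing specifiers */
    greet_safe(buf, sizeof buf, sample);
    printf("%d conversion(s) in input; logged as: %s\n", count_conversions(sample), buf);
    return 0;
}
```

With the fixed format, the specifiers in the input come back verbatim instead of being interpreted, which is the behaviour to confirm when testing for this sin.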

10 CONCLUSION
- It's an implementation bug
- Easy to find
- Code review is the way to spot this sin
- Don't allow user input directly to formatting functions
- Always validate and filter the input

11 References
[1] OWASP: Format String Attack. Last Revisited 04/16/2015
[2] Howard, Michael, David LeBlanc, and John Viega. 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them. New York: McGraw-Hill, Print.
[3] Security Tube_Bot, Format String Vulnerabilities Megaprimer. A video series to understand the basics of Format String Vulnerabilities and how to exploit them

