Which of the following kinds of function are particularly vulnerable to format string attacks?

Prev Question
Next Question

Which of the following kinds of function are particularly vulnerable to format string attacks?

A.
C functions that perform output formatting

B.
C functions that perform integer computation

C.
C functions that perform real number subtraction

D.
VB functions that perform integer conversion

E.
SQL functions that perform string conversion

F.
SQL functions that perform text conversion

Explanation:
Format string attacks are a new class of vulnerabilities recently discovered. It can be used to crash
a program or to execute harmful code. The problem stems from the use of unfiltered user input as
the format string parameter in certain C functions that perform formatting, such as printf(). A
malicious user may use the %s and %x format tokens, among others, to print data from the stack
or possibly other locations in memory. One may also write arbitrary data to arbitrary locations using
the %n format token.

Prev Question
Next Question

Leave a Reply

Your email address will not be published. Required fields are marked *