
Which of the following types of attack makes use of unfiltered user input as the format string
parameter in the printf() function of the C language?

A. buffer overflows

B. format string vulnerabilities

C. integer overflow

D. code injection

E. command injection

F. None of the choices.

Explanation:
Format string attacks are a new class of vulnerabilities recently discovered. They can be used to
crash a program or to execute harmful code. The problem stems from the use of unfiltered user
input as the format string parameter in certain C functions that perform formatting, such as
printf(). A malicious user may use the %s and %x format tokens, among others, to print data from
the stack or possibly other locations in memory. One may also write arbitrary data to arbitrary
locations using the %n format token.
