Libsafe 2.0: Detection of Format String Vulnerability Exploits
Similar resources
Libsafe: Transparent System-wide Protection Against Buffer Overflow Attacks
Libsafe is a practical solution that protects against the most common forms of buffer overflow attacks. Such attacks often result in granting the attacker full privileges on the target system. Libsafe is implemented as a shared library that intercepts calls to vulnerable standard library functions. Based on an inspection of the process stack and the function arguments, Libsafe ensures that no r...
Measuring the Effect of Code Complexity on Static Analysis Results
To understand the effect of code complexity on static analysis, thirty-five format string vulnerabilities were selected from the National Vulnerability Database. We analyzed two sets of code for each vulnerability. The first set of code contained the vulnerability, while the second was a later version of the code in which the vulnerability had been fixed. We examined the effect of both code com...
FormatGuard: Automatic Protection From printf Format String Vulnerabilities
In June 2000, a major new class of vulnerabilities called “format bugs” was discovered when a vulnerability in WU-FTP appeared that acted almost like a buffer overflow, but wasn’t. Since then, dozens of format string vulnerabilities have appeared. This paper describes the format bug problem, and presents FormatGuard: our proposed solution. FormatGuard is a small patch to glibc that provides ge...
Idea: Measuring the Effect of Code Complexity on Static Analysis Results
To understand the effect of code complexity on static analysis, thirty-five format string vulnerabilities were studied. We analyzed two code samples for each vulnerability, one containing the vulnerability and one in which the vulnerability was fixed. We examined the effect of code complexity on the quality of static analysis results, including successful detection and false positive rates. Sta...
A Data-Driven Finite State Machine Model for Analyzing Security Vulnerabilities
This paper combines an analysis of data on security vulnerabilities (published in Bugtraq database) and a focused source-code examination to develop a finite state machine (FSM) model to depict and reason about security vulnerabilities. An in-depth analysis of the vulnerability reports and the corresponding source code of the applications leads to three observations: (i) exploits must pass thro...