Re: Q: on Format String attacks

On Jun 16, 2005, at 13:53, Lachniet, Mark wrote:

> Hello,
>
> I'm seeing hits in a report on the Format String attack NASL's such  
> as:
>
> Format string on HTTP header value
> Format string on URI

These plugins are some sort of fuzzers. In other words, they test for  
"unknown"  vulnerabilities. These plugins may produce false positives  
(for instance, if the remote web server stops replying after a couple  
of bogus requests) or may uncover real problems. Make sure your web  
server is still running (if it's not, it's definitely vulnerable) or  
look at the logs of the server to see if it crashed from SIGSEGV or  
SIGBUS at some point.

At that point, you're basically on your own to perform the  
diagnostic, unless you can provide us with more information about  
affected server.


> Etc.  However, there are no references given, and I'm not finding any
> PoC or detailed platform-specific information on how to document or
> exploit this.  I hesitate to flag it as a major problem, as it seems
> almost too generic to worry about.  Can anyone help me out with some
> background information, PoC, etc?  I have already googled the  
> topic, and
> I understand the basic issues, but what I don't see is known
> vulnerabilities in modern products through this attack vector.  All  
> the
> references go back to 2000 or so.

Format strings are an attack vector - very much like buffer  
overflows. Their popularity do not necessarily fade with time.



                                -- Renaud
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus