CISA Certified Information Systems Auditor – Question1806
Which of the following types of attack makes use of unfiltered user input as the format string parameter in the printf() function of the C language?
A. buffer overflows
B. format string vulnerabilities
C. integer overflow
D. code injection
E. command injection
F. None of the choices.
Correct Answer: B
Explanation:
Format string attacks are a class of vulnerabilities that can be used to crash a program or to execute harmful code. The problem stems from the use of unfiltered user input as the format string parameter in certain C functions that perform formatting, such as printf(). A malicious user may use the %s and %x format tokens, among others, to print data from the stack or possibly other locations in memory. One may also write arbitrary data to arbitrary locations using the %n format token.