Format String attacks are a type of security attack on computers. Format string attacks occur when user inputs are passed unfiltered or inadequately filtered in print specifications to one of the many C library formatting routines like printf. This can happen when, for example, completing forms on the Internet. They are primarily attacks on servers or on specialized software used on a client.

Format String attacks work because printf and similar routines require two sets of data, some number of parameters and a format string specifying how to handle the parameters. If a parameter is passed that fools the print routine into believing that it is a format specification rather than data, it will probably be possible to manipulate the parameters on the stack including values that are not part of the intended parameters and format specification.

As with Buffer Overflow attacks, Format String attacks work by altering the program stack within a program. While simply crashing a program is relatively easy, using a format string attack to take control of a program generally requires attacking a specific vulnerable program with a string tailored to a specific version of the program.

Format string attacks somewhat resemble Buffer Overflow attacks. Unlike Buffer Overflows which have long been recognized as a problem, the recognition that format strings can be used to attack software is fairly recent, dating to about 2000.

Return To Index Copyright 1994-2002 by Donald Kenney.