...
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO30-C | High | Likely | Medium | P18 | L1 |
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| Coverity | 6.5 | TAINTED_STRING_WARNING | Fully implemented |
| | 5.0 | | |
| GCC | | | Can detect violations of this rule when the -Wformat-security flag is used |
| | | SV.FMTSTR.GENERIC | |
| | | 86 D | Partially implemented |

Related Vulnerabilities
Two examples of format-string vulnerabilities resulting from a violation of this rule include Ettercap and Samba.
In Ettercap v.NG-0.7.2, the ncurses user interface suffers from a format-string defect. The curses_msg() function in ec_curses.c calls wdg_scroll_print(), which takes a format string and its parameters and passes them to vw_printw(). The curses_msg() function uses one of its parameters as the format string. This input can include user data, allowing for a format-string vulnerability.
The Samba AFS ACL mapping VFS plug-in fails to properly sanitize user-controlled file names that are used in a format specifier supplied to snprintf(). This security flaw becomes exploitable when a user can write to a share that uses Samba's afsacl.so library for setting Windows NT access control lists on files residing on an AFS file system.
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
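The wrapper pattern described for Ettercap, shown beside its compliant form, as an added example that is not code from Ettercap, Samba or the CERT page. The names scroll_print(), msg_noncompliant(), msg_compliant() and shown_verbatim() are hypothetical, and vsnprintf() stands in for vw_printw() so the block runs without ncurses. The constructed input contains only %%, which is enough to show the message being interpreted as a format.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a variadic UI printer such as wdg_scroll_print():
 * it forwards a format string and its arguments to a v*printf function.
 * The format attribute lets GCC check callers (-Wformat -Wformat-security). */
__attribute__((format(printf, 3, 4)))
static int scroll_print(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int written = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return written;
}

/* Noncompliant: the caller's message is used as the format string, so any
 * conversion specifier inside it is interpreted instead of displayed. */
static int msg_noncompliant(char *out, size_t n, const char *message)
{
    return scroll_print(out, n, message);   /* flagged by -Wformat-security */
}

/* Compliant: the format is a literal; the message is only ever data. */
static int msg_compliant(char *out, size_t n, const char *message)
{
    return scroll_print(out, n, "%s", message);
}

/* Returns 1 when the displayed text is byte-for-byte the caller's message. */
static int shown_verbatim(int (*msg)(char *, size_t, const char *),
                          const char *message)
{
    char out[128];
    msg(out, sizeof out, message);
    return strcmp(out, message) == 0;
}

int main(void)
{
    const char *input = "disk 100%% full";   /* constructed sample input */
    printf("noncompliant verbatim: %d\n", shown_verbatim(msg_noncompliant, input));
    printf("compliant verbatim:    %d\n", shown_verbatim(msg_compliant, input));
    return 0;
}
```

A message without any `%` character passes through both wrappers unchanged, which is why this defect tends to survive functional testing and is better caught by the compiler flag or a static checker.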
...