CAPEC Details
Name String Format Overflow in syslog()
Likelihood of attack: High
Typical severity: Very High
Summary: This attack targets format string vulnerabilities in the syslog() function. The attacker typically injects malicious input into the format string parameter of the syslog() call. This is a common problem, and many public vulnerabilities and associated exploits have been published.
Prerequisites: The format string argument of the syslog() function can be tainted with user-supplied data.
Execution Flow
Step Phase Description Techniques
1 Explore The attacker finds that they can inject data into the format string parameter of syslog().
2 Exploit The attacker crafts a malicious input and injects it into the format string parameter. From this point on, the attacker can execute arbitrary code and do further damage.
Solutions: The following code shows a vulnerable usage of syslog(): syslog(LOG_ERR, cmdBuf); // the buffer cmdBuf holds user-supplied data and is passed as the format string.
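The vulnerable call above beside a hardened form, as an added example that is not part of the CAPEC entry. The helper names, the constructed sample input and the use of snprintf() to show the format semantics are assumptions of this example; syslog() and snprintf() interpret the format argument the same way.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Constructed sample: a "command" received from an untrusted client.
   It contains format directives, exactly the data a tainted cmdBuf could hold. */
static const char *const SAMPLE_CMD = "GET /x %s%n";

/* Vulnerable pattern from the CAPEC entry, kept as a comment only:
   the tainted buffer itself becomes the format string.
       syslog(LOG_ERR, cmdBuf);
   Compilers flag this with -Wformat -Wformat-security (GCC/Clang). */

/* Hardened pattern: a fixed, compile-time format; user data is an argument.
   Any '%' in cmd is logged as literal text, never interpreted. */
void log_command_safely(const char *cmd)
{
    syslog(LOG_ERR, "rejected command: %s", cmd);
}

/* Demonstrates the same semantics with snprintf(), which is testable:
   with a fixed "%s" format the directives in the data survive unchanged.
   Returns 1 when the rendered text equals the input byte for byte. */
int fixed_format_preserves_input(const char *cmd)
{
    char out[128];
    int n = snprintf(out, sizeof out, "%s", cmd);
    if (n < 0 || (size_t)n >= sizeof out)
        return 0; /* truncated or error: treat as failure */
    return strcmp(out, cmd) == 0;
}

/* Optional defence in depth: detect data that carries format directives
   before it reaches any printf-family or syslog() call. Returns 1 if found. */
int contains_format_directive(const char *s)
{
    return strchr(s, '%') != NULL;
}

int main(void)
{
    openlog("capec-example", LOG_PID, LOG_USER);
    if (contains_format_directive(SAMPLE_CMD))
        log_command_safely(SAMPLE_CMD); /* logs the '%s%n' text literally */
    closelog();
    return fixed_format_preserves_input(SAMPLE_CMD) ? 0 : 1;
}
```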
Related Weaknesses
CWE ID Description
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-134 Use of Externally-Controlled Format String
CWE-680 Integer Overflow to Buffer Overflow
CWE-697 Incorrect Comparison
Related CAPECs
CAPEC ID Description
CAPEC-100 Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries' choice.
Taxonomy: WASC
Entry ID Entry Name
06 Format String