Detecting Format-String Vulnerabilities with Type Qualifiers

[aleph1 () securityfocus com]

Detecting Format-String Vulnerabilities with Type Qualifiers
Umesh Shankar, Kunal Talwar, Jeffrey S. Foster, and David Wagner

We present a new system for automatically detecting format string security 
vulnerabilities in C programs using a constraint-based type-inference engine. 
We describe new techniques for presenting the results of such analysis to 
the user in a form that makes bugs easier to find and fix, The system has 
been implemented and tested on several real-world software packages. Our 
tests show that the system is very effective, detecting several bugs 
previously unknown to the authors and exhibiting a low rate of false 
positives in almost all cases. Many of our techniques are applicable to 
additional classes of security vulnerabilities, as well as other type- and 
constraint- based systems.

http://www.cs.berkeley.edu/~jfoster/papers/usenix01.ps.gz
http://www.cs.berkeley.edu/~jfoster/papers/usenix01.pdf

-- 
Elias Levy
SecurityFocus
http://www.securityfocus.com/
Si vis pacem, para bellum