Bugtraq mailing list archives
Detecting Format-String Vulnerabilities with Type Qualifiers
From: aleph1 () securityfocus com
Date: Sat, 15 Sep 2001 16:50:44 -0600
Detecting Format-String Vulnerabilities with Type Qualifiers Umesh Shankar, Kunal Talwar, Jeffrey S. Foster, and David Wagner We present a new system for automatically detecting format string security vulnerabilities in C programs using a constraint-based type-inference engine. We describe new techniques for presenting the results of such analysis to the user in a form that makes bugs easier to find and fix, The system has been implemented and tested on several real-world software packages. Our tests show that the system is very effective, detecting several bugs previously unknown to the authors and exhibiting a low rate of false positives in almost all cases. Many of our techniques are applicable to additional classes of security vulnerabilities, as well as other type- and constraint- based systems. http://www.cs.berkeley.edu/~jfoster/papers/usenix01.ps.gz http://www.cs.berkeley.edu/~jfoster/papers/usenix01.pdf -- Elias Levy SecurityFocus http://www.securityfocus.com/ Si vis pacem, para bellum
Current thread:
- Detecting Format-String Vulnerabilities with Type Qualifiers aleph1 (Sep 16)