Class: sec:FormatStringAttack

void print (char *str) { printf(str); }

Call: print("%n") pops 4 bytes off the stack and treats them as a pointer that printf writes through, so the attacker-controlled format string can write to memory as well as read it (Wil05)

•owl:Thing
        •sec:Threat
                •sec:ActiveAttack
                        •sec:MalformedInput
                                •sec:FormatStringAttack

Super Classes

sec:threatens SOME (sec:_Confidentiality AND sec:_Stack)
sec:threatens ONLY ((sec:_Confidentiality OR sec:_Integrity) AND sec:_Stack)
sec:MalformedInput
sec:threatens SOME (sec:_Integrity AND sec:_Stack)

Abstract Syntax

Class(sec:FormatStringAttack partial restriction(sec:threatens someValuesFrom(intersectionOf(sec:_Confidentiality
                                                                                            sec:_Stack)))
                                    restriction(sec:threatens allValuesFrom(intersectionOf(unionOf(sec:_Confidentiality
                                                                                                   sec:_Integrity)
                                                                                           sec:_Stack)))
                                    sec:MalformedInput
                                    restriction(sec:threatens someValuesFrom(intersectionOf(sec:_Integrity
                                                                                            sec:_Stack))))

Usage

Class Description/Definition (Necessary Conditions)

sec:FormatStringMisuse
Generated with OWLDoc