Name String Format Overflow in syslog()
Summary This attack targets the format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.
Prerequisites The format string argument of the Syslog function can be tainted with user supplied data.
Solutions The following code shows a vulnerable usage of Syslog(): syslog(LOG_ERR, cmdBuf); // the buffer cmdBuff is taking user supplied data.
Related Weaknesses
CWE ID Description
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-134 Use of Externally-Controlled Format String
CWE-680 Integer Overflow to Buffer Overflow
CWE-697 Incorrect Comparison
Back to Top