CAPEC-67: String Format Overflow in syslog()
ID
CAPEC-67
Typical Severity
Very High
Likelihood Of Attack
High
Status
Draft
This attack targets applications and software that uses the syslog() function insecurely. If an application does not explicitely use a format string parameter in a call to syslog(), user input can be placed in the format string parameter leading to a format string injection attack. Adversaries can then inject malicious format string commands into the function call leading to a buffer overflow. There are many reported software vulnerabilities with the root cause being a misuse of the syslog() function.
Weaknesses
| # ID | Name | Type |
|---|---|---|
| CWE-20 | Improper Input Validation | weakness |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | weakness |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | weakness |
| CWE-134 | Use of Externally-Controlled Format String | weakness |
| CWE-680 | Integer Overflow to Buffer Overflow | weakness |
| CWE-697 | Incorrect Comparison | weakness |
Taxonomiy Mapping
| Type | # ID | Name |
|---|---|---|
| WASC | 06 | Format String |