
Format String Attacks
Format string bugs are present when no formatting characters are specified as
an argument for a function that utilizes va_arg style argument lists.
Common houses for format string vulnerabilities are found in statements such
as printf(argv[1]). The quick fix for this problem is to place a “%s” instead of the
argv[1] argument.The corrected statement would look like printf(“%s”, argv[1]).
TCP/IP Vulnerabilities
The purpose of a TCP spoofing attack is to exploit a trust relationship
between two systems.The attacker must know in advance that host A trusts
host B completely. An example attack works like this: An attacker sends some ...