473,386 Members | 1,741 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > .net framework > questions > security vulnerability caused by msdn page for sscanf

Join Bytes to post your question to a community of 473,386 software developers and data experts.

Security vulnerability caused by MSDN page for sscanf

Page
http://msdn.microsoft.com/library/de...c_.swscanf.asp
says:
Security Note When reading a string with sscanf, always specify a width
for the %s format (for example, "32%s" instead of "%s"); otherwise,
improperly formatted input can easily cause a buffer overrun.


If a programmer obeys MSDN and specifies a format like "32%s" then
improperly formatted input can easily cause a buffer overrun. The malicious
person will have to know to start the input with a character '3' and a
character '2', and follow it with more than 32 characters of subsequent
input. Malicious persons have demonstrated more than the amount of skill
necessary to exploit this kind of buffer overrun.

If a programmer ignores MSDN and specifies a format like "%32s" then this
security vulnerability can be avoided.

If MSDN gets fixed in less than a year then maybe Microsoft still "gets it"
with security.

Nov 17 '05 #1
1 2180
Norman Diamond wrote:
If MSDN gets fixed in less than a year then maybe Microsoft still
"gets it" with security.


It's already fixed in the VS2005 documentation:

http://msdn2.microsoft.com/en-us/lib...US,VS.80).aspx

-cd
Nov 17 '05 #2
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

12
Top Ten PHP Security Issues, a preliminary list
by: Chung Leong | last post by:
There's my draft list of the top ten PHP security issues. As you can see, there's only nine right now. I've ranked them based on how readily the vulnerability can be exploited. This is the reason...
PHP
3
Php query string security
by: Simon Hadler | last post by:
Hi was asking some questions about this in alt.php but some didn't get answered. Yes I have read an awful lot now about php security and different advisories and Idon't mind being called a...
PHP
28
Who should security issues be reported to?
by: grahamd | last post by:
Who are the appropriate people to report security problems to in respect of a module included with the Python distribution? I don't feel it appropriate to be reporting it on general mailing lists.
Python
0
Microsoft Patch MS04-028 for the JPG security hole causes errors on Image Control
by: Greg Christie | last post by:
I think I have a somewhat unique situation here, so I thought I should post it for the few poor souls who run across it and try to google it like I did. First of all, I was getting the following...
.NET Framework
116
Security - more complex than I thought
by: Mike MacSween | last post by:
S**t for brains strikes again! Why did I do that? When I met the clients and at some point they vaguely asked whether eventually would it be possible to have some people who could read the data...
Microsoft Access / VBA
16
ADPs, Integrated Security and Selective Permissions
by: Lyle Fairfield | last post by:
There is an MS-SQL table named Bugs_Comments_and_Suggestions. There is a form named Bugs_Comments_and_Suggestions. To allow John Doe to use this form, we GRANT him LOGIN and ACCESS permissions...
Microsoft Access / VBA
0
-ASP.NET Security Issue and Guidance
by: Patrick.O.Ige | last post by:
This what i got from microsoft! GDluck Dear ASP.NET Customer, This alert is to advise you of the availability of a web page that discusses an investigation Microsoft is currently conducting...
ASP.NET
8
Critical javascript security flaw in firefox
by: Matt Kruse | last post by:
http://news.zdnet.com/2100-1009_22-6121608.html Hackers claim zero-day flaw in Firefox 09 / 30 / 06 | By Joris Evers SAN DIEGO--The open-source Firefox Web browser is critically flawed in...
Javascript
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!