format string attack
sisendvormingurünne, vormingustringirünne
olemus
rünne, mis kasutab ära kitsendusteta vormingustringi nõrkusi,
põhineb rakenduse sisendandmete tõlgendamisel programmikäsuna
ülevaateid
https://en.wikipedia.org/wiki/Uncontrolled_format_string
https://www.owasp.org/index.php/Format_string_attack
http://forum.ouah.org/FormatString.PDF
http://www.cs.cornell.edu/Courses/cs513/2005fa/paper.format-bug-analysis.pdf
https://www.defcon.org/images/defcon-18/dc-18-presentations/Haas/DEFCON-18-Haas-Adv-Format-String-Attacks.pdf
https://classes.adamaviv.com/si485h/s17/units/06/unit.html
tõrje
https://medium.com/@jhjaksimsam2/what-is-format-string-attack-how-to-prevent-this-attack-59b480ce9989
https://www.usenix.org/legacy/events/sec01/full_papers/cowanbarringer/cowanbarringer.pdf