CAPEC-67: String Format Overflow in syslog()

This attack targets applications and software that uses the syslog() function insecurely. If an application does not explicitely use a format string parameter in a call to syslog(), user input can be placed in the format string parameter leading to a format string injection attack. Adversaries can then inject malicious format string commands into the function call leading to a buffer overflow. There are many reported software vulnerabilities with the root cause being a misuse of the syslog() function.

Very High

Typical severity

Per MITRE

High

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Detailed

Abstraction

MITRE classification

Overview

CAPEC-67 (String Format Overflow in syslog()) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

CAPEC-67: String Format Overflow in syslog()

Overview

How the attack works

What the attacker needs

Prerequisites

Consequences

How to mitigate it

Examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CAPEC-67?

How does a String Format Overflow in syslog() attack work?

How do you prevent CAPEC-67?

What weaknesses does CAPEC-67 target?

How severe is CAPEC-67?

References

Defend against CAPEC-67

Overview

How the attack works

What the attacker needs

Prerequisites

Consequences

How to mitigate it

Examples

Related weaknesses

Related attack patterns

Parent

Related

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CAPEC-67?

How does a String Format Overflow in syslog() attack work?

How do you prevent CAPEC-67?

What weaknesses does CAPEC-67 target?

How severe is CAPEC-67?

References

Defend against CAPEC-67