Security Portal: Format Strings - An Interview with Chris Evans
Oct 11, 2000, 08:37
(Other stories by Kurt Seifried)
"It appears to me that these format strings have been present a very long time. A CERT advisory mentioned them being in WuFTPD since 1993. Do you think attackers have known about them and been using them? (This certainly would be a convenient explanation for many mysterious unsolved break-ins.)"
"This is a very interesting question. It depends what you mean by 'attackers.' I doubt this problem was widely known in the underground cracker community. When that is the case, the exploit usually leaks to the public. I can happily entertain that a few highly skilled individuals knew about this issue, though. Finally, we should be wary of attributing any unsolved break-ins to format string bugs. Even if a compromised site was running daemons containing format string bugs, there is still the potential for undiscovered security bugs which are not of a format string nature."
"As we know, string/buffer handling has traditionally been very buggy. The most obvious example of buggy buffer handling is the classic buffer overflow."