This document discusses control hijacking attacks that aim to take control of a victim's machine by exploiting vulnerabilities in programs. It covers different types of attacks like buffer overflow attacks, integer overflow attacks, and format string vulnerabilities. These attacks work by injecting attack code or parameters to abuse vulnerabilities and modify memory to redirect the control flow. The document also discusses defenses like choosing programming languages with strong typing and automatic checks, auditing software, and adding runtime checks using techniques like stack canaries to detect exploits and prevent code execution.
A single pass assembler scans the program only once and creates the equivalent binary program. The assembler substitute all of the symbolic instruction with machine code in one pass.
The main Objective of this presentation is to define computer buses , especially system bus . which is consists of data bus , address bus and control bus.
A single pass assembler scans the program only once and creates the equivalent binary program. The assembler substitute all of the symbolic instruction with machine code in one pass.
The main Objective of this presentation is to define computer buses , especially system bus . which is consists of data bus , address bus and control bus.
A brief introduction to Process synchronization in Operating Systems with classical examples and solutions using semaphores. A good starting tutorial for beginners.
C Programming Language Tutorial for beginners - JavaTpointJavaTpoint.Com
JavaTpoint share a presentation of C Programming language for beginners and professionals. now in this slideshare you will be learned basics of c programming language, what is c programming language, history of c programming, installing turbo c, features of c programming language, datatypes of c language, operaters in c, control statement of c language, c language functions, c array, pointer in c programming, and structure and union.
Full information of about CPU register and type of CPU registers,
Use of registers in computer and their basic operation, category of registers and how to use them, flag register.
Topics Covered:
Linker: Types of Linker:
Loaders : Types of loader
Example of Translator, Link and Load Time Address
Object Module
Difference between Static and Dynamic Binding
Translator, Link and Load Time Address
Program Relocatability
A brief introduction to Process synchronization in Operating Systems with classical examples and solutions using semaphores. A good starting tutorial for beginners.
C Programming Language Tutorial for beginners - JavaTpointJavaTpoint.Com
JavaTpoint share a presentation of C Programming language for beginners and professionals. now in this slideshare you will be learned basics of c programming language, what is c programming language, history of c programming, installing turbo c, features of c programming language, datatypes of c language, operaters in c, control statement of c language, c language functions, c array, pointer in c programming, and structure and union.
Full information of about CPU register and type of CPU registers,
Use of registers in computer and their basic operation, category of registers and how to use them, flag register.
Topics Covered:
Linker: Types of Linker:
Loaders : Types of loader
Example of Translator, Link and Load Time Address
Object Module
Difference between Static and Dynamic Binding
Translator, Link and Load Time Address
Program Relocatability
Dynamic Instrumentation- OpenEBS Golang Meetup July 2017OpenEBS
The slides were presented by Jeffry Molanus who is the CTO of OpenEBS in Golang Meetup. OpenEBS is an open source cloud native storage. OpenEBS delivers storage and storage services to containerized environments. OpenEBS allows stateful workloads to be managed more like stateless containers. OpenEBS storage services include: per container (or pod) QoS SLAs, tiering and replica policies across AZs and environments, and predictable and scalable performance.Our vision is simple: let’s let storage and storage services for persistent workloads be so fully integrated into the environment and hence managed automatically that is almost disappears into the background as just yet another infrastructure service that works.
Slides for a college course at City College San Francisco. Based on "The Shellcoder's Handbook: Discovering and Exploiting Security Holes ", by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte; ASIN: B004P5O38Q.
Instructor: Sam Bowne
Class website: https://samsclass.info/127/127_S17.shtml
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
2. Table of Contents
• Attacker’s Intentions
• Buffer Overflow Attacks
Basic Stack Exploit
Heap based buffer overflow attack
Defense Against Buffer Overflow Attack
Integer Overflow Attack
Format String Attack
Prevention of Control Hijacking Attacks
Runtime Checking: Stackguard
3. Attacker’s Intentions
Take control of the victim’s machine
Hijack the execution flow of a running program
Execute arbitrary code
Requirements
Inject attack code or attack parameters
Abuse vulnerability and modify memory such that control flow is redirected
4. Attacker’s Intentions (Contd)
Examples
Buffer Overflow attack
Integer overflow attack
Format string vulnerabilities
• What is needed by attacker?
Understanding C functions, the stack, and the heap.
Know how system calls are made
The exec() system call
Attacker needs to know which CPU and OS used on the target machine:
5. Buffer Overflow Attack
• Result from mistakes done while writing code
Coding flaws because of
• unfamiliarity with language
• Ignorance about security issues
• unwillingness to take extra effort
• Often related to particular programming language
• Buffer overflows
mostly relevant for C / C++ programs
not in languages with automatic memory management
6. Buffer Overflow Attack (Contd.)
• dynamic bounds checks (e.g., Java)
• automatic resizing of buffers (e.g., Perl)
• One of the most used attack techniques
• What is needed to understand buffer overflow attack?
Understanding C functions and the stack
Some familiarity with machine code
Know how systems calls are made
The exec() system call
8. What are buffer overflows?
• Suppose a web server contains a function:
void func (char *str) {
char buf [128];
strcpy (buf, str);
do-something (buf);
}
• When the function is invoked the stack looks like:
• What if *str is 136 bytes long? After strcpy:
strret-addrsfpbuf
Top
of
stack
str
Top
of
stack
*str ret
9. Exploiting buffer overflows
• Suppose web server calls func() with given URL.
Attacker sends a 200 byte URL. Gets shell on web server
• Some complications:
Program P should not contain the ‘0’ character.
Overflow should not crash program before func() exists.
• Sample remote buffer overflows of this type:
(2005) Overflow in MIME type field in MS Outlook.
(2005) Overflow in Symantec Virus Detection
Set test = CreateObject ("Symantec.SymVAFileQuery.1")
test.GetPrivateProfileString "file", [long string]
10. Basic stack exploit
• Problem: no range checking in strcpy().
• Suppose *str is such that after strcpy stack looks like:
• When func() exits, the user will be given a shell !
• Note: attack code runs in stack.
• To determine ret guess position of stack when func() is called
Top
of
stack*str ret Code for P
Program P: exec( “/bin/sh” )
(exact shell code by Aleph One)
11. Stack-based attacks: many variants
• Return address clobbering
• Overwriting function pointers (e.g. PHP 4.0.2, MediaPlayer, BMP).
• Overwriting exception-handler pointers (C++).
Need to cause an exception afterwards
• Overwriting longjmp buffers (e.g. Perl 5.003)
Mechanism for error handling in C
• Overwriting saved frame pointer (SFP)
Off-by-one error is enough: one byte buffer overflow!
First return (leave) sets SP to overwritten SFP.
Second return (ret) jumps to fake top of stack
Heap
or
stack
buf[128] FuncPtr
12. Control Hijacking Opportunities
• Stack smashing attack:
Override return address in stack activation record by overflowing a local buffer
variable.
• Function pointers: (e.g. PHP 4.0.2, MS Media Player Bitmaps)
Overflowing buf will override function pointer.
• Longjmp buffers: longjmp (pos) (e.g. Perl 5.003)
Overflowing buf next to pos overrides value of pos.
Heap
or
stackbuf[128] FuncPtr
13. Heap-based control hijacking
• Compiler generated function pointers (e.g. C++ code)
• Suppose vtable is on the heap next to a string object:
ptr
data
Object T
FP1
FP2
FP3
vtable
method #1
method #2
method #3
ptr
buf[256]
data
object T
vtable
14. Heap-based control hijacking
• Compiler generated function pointers (e.g. C++ code)
• After overflow of buf we have:
ptr
data
Object T
FP1
FP2
FP3
vtable
method #1
method #2
method #3
ptr
buf[256]
data
object T
vtable
shell
code
15. Defense Against Buffer Overflow Attack
• Programming language choice is crucial
• The language
should be strongly typed
Should do automatic bound checks.
Should do automatic memory management.
16. Integer Overflow Attack
• Integer overflows: e.g. MS DirectX MIDI Lib, Phrack60
void func(int a, char v)
{
char buf[128];
init(buf);
buf[a] = v;
}
• Problem: a can point to `ret-addr’ on stack.
• Double free: double free space on heap.
Can cause mem mgr to write data to specific location
Examples: CVS server
17. An Example
void func( char *buf1, *buf2, unsigned int len1, len2) {
char temp[256];
if (len1 + len2 > 256) {return -1} //lengthcheck
memcpy(temp, buf1, len1); // cat buffers
memcpy(temp+len1, buf2, len2);
do-something(temp); // do stuff
}
What if len1 = 0x80, len2 = 0xffffff80?
⇒ len1+len2 = 0
Second memcpy () will overflow heap
18. Format String Attack
Int func(char *user) {
fprintf( stderr, user);
}
Problem: what if user = “%s%s%s%s%s%s%s” ??
Most likely program will crash: DoS.
If not, program will print memory contents. Privacy?
Full exploit using user = “%n”
• Correct form:
int func(char *user) {
fprintf( stdout, “%s”, user);
}
19. Vulnerable functions
• Any function using a format string.
• Printing:
printf, fprintf, sprintf, …
vprintf, vfprintf, vsprintf, …
• Logging:
syslog, err, warn
20. Exploit
• Dumping arbitrary memory:
Walk up stack until desired pointer is found.
printf( “%08x.%08x.%08x.%08x|%s|”)
• Writing to arbitrary memory:
printf( “hello %n”, &temp) -- writes ‘6’ into temp.
printf( “%08x.%08x.%08x.%08x.%n”)
21. Control Hijacking
Preventing hijacking attacks
• Fix bugs:
Audit software
Automated tools: Coverity, Prefast/ Prefix.
Rewrite software in a type safe language (Java, ML)
• Difficult for existing (legacy) code ...
• Concede overflow, but prevent code execution
• Add runtime code to detect overflows exploits
Halt process when overflow exploit detected
StackGuard, LibSafe, ...
22. Run time checking: StackGuard
• StackGuard
Run time tests for stack integrity.
Embed “canaries” in stack frames and verify their
integrity prior to function return.
• Canary Types
Random canary:
• Choose random string at program startup.
• Insert canary string into every stack frame.
• Verify canary before returning from function.
• To corrupt random canary, attacker must learn current random string.
23. Canary (Contd)
• Terminator canary:
Canary = 0, newline, linefeed, EOF
• String functions will not copy beyond terminator.
• Attacker cannot use string functions to corrupt stack.
• StackGuard implemented as a GCC patch.
Program must be recompiled.
• Minimal performance effects: 8% for Apache.
• Note: Canaries don’t offer fullproof protection.
Some stack smashing attacks leave canaries unchanged
• Heap protection: PointGuard
Protects function pointers and setjmp buffers by encrypting them: XOR
with random cookie
Less effective, more noticeable performance effects
• .
Editor's Notes
A control-hijacking attack overwrites some data structures in a victim program that affect its control flow, and eventually hijacks the control of the program and possibly the underlying system.
A data structure that can affect the control flow of a program is called a control-sensitive data structure, examples of which include return address, function pointer, global offset table/import table, C++ virtual functions table pointer, etc. Once an attacker grabs control of the victim program, she can invoke any operation to which the victim program’s effective user is entitled.
Buffer overflow attacks are known to be the most common type of attacks that allow attackers to hijack a remote system by sending a specially crafted packet to a vulnerable network application running on it.
In a buffer-overflow attack, the extra data sometimes holds specific instructions for actions intended by a hacker or malicious user; for example, the data could trigger a response that damages files, changes data or unveils private information.
A buffer is a temporary area for data storage. When more data (than was originally allocated to be stored) gets placed by a program or system process, the extra data overflows. It causes some of that data to leak out into other buffers, which can corrupt or overwrite whatever data they were holding.
The canonical method for exploiting a stack based buffer overflow is to overwrite the function return address with a pointer to attacker-controlled data (usually on the stack itself).
Stack buffer overflow can be caused deliberately as part of an attack known as stack smashing. n software, a stack buffer overflow or stack buffer overrun occurs when a program writes to a memory address on the program's call stack outside of the intended data structure, which is usually a fixed-length buffer. Stack buffer overflow bugs are caused when a program writes more data to a buffer located on the stack than what is actually allocated for that buffer.
Windows media player bitmaps (skins) – heap overflow, Feb. 2006
setjmp – used for exception handling (jump to global error handling code in case of error)
Difficult to make this exploit work. A reliable method called “heap spraying” is described at the end of the presentation.
Approaches to detect buffer over flow attacks can be divided into two groups: static techniques that detect potential buffer overruns by examining program’s source code and dynamic techniques that protect programs at run-time. Wilander et. al. [1, 2] present a comprehensive overview of tools of both types.
[1] . Wilander and M. Kamkar. A comparison of publicly available tools for static intrusion prevention. In Proc. Of 7th Nordic Workshop on Secure IT Systems
, 2002.
[2] J. Wilander and M. Kamkar. A comparison of publicly available tools for dynamic buffer overflow prevention. In Proc. of 10th Network and Distributed System Security.
Symposium
, 2003.
An Integer Overflow is the condition that occurs when the result of an arithmetic operation, such as multiplication or addition, exceeds the maximum size of the integer type used to store it.
Integer overflow is what occurs when a numeric variable exceeds its maximum capacity. Generally what happens, due to two's complement arithmetic, is that the variable wraps to the opposite end of the spectrum. So for a signed variable, a negative value too large to fit would become a large positive value.
The Format String exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application, causing new behaviors that could compromise the security or the stability of the system.
Most vulnerabilities in C are related to buffer overflows and string manipulation. In most cases, this would result in a segmentation fault, but specially crafted malicious input values, adapted to the architecture and environment could yield to arbitrary code execution.
gets: The stdio gets() function does not check for buffer length and always results in a vulnerability.
Strcpy: The strcpy built-in function does not check buffer lengths and may very well overwrite memory zone contiguous to the intended destination. In fact, the whole family of functions is similarly vulnerable: strcpy, strcat and strcmp.
Sprintf: Just as the previous functions, sprintf does not check the buffer boundaries and is vulnerable to overflows.
printf and friends: One other vulnerability category is concerned with string formatting attacks , those can cause information leakage, overwriting of memory, … This error can be exploited in any of the following functions: printf, fprintf, sprintf and snprintf, i.e. all functions that take a “format string” as argument.