Vulnerable C code from one of overthewire.org levels:
#include <stdlib.h>
int main(int argc, char **argv)
{
if(argc) exit(0);
printf(argv[3]);
exit(EXIT_FAILURE);
}
Vulnerability
What type of vulnerability is this? Why this code is vulnerable?
Exploitation
How one could exploit this code? What could be achieved by the exploit?
Mitigation
How to fix this vulnerability? What countermeasure(s) could be put in place in order to make exploitation harder (or impossible)?
Solution will be published on 28.09.2014.
