Vulnerability Development mailing list archives
Re: Bug, possible hole in nslookup, various operating systems
From: Michal Zalewski <lcamtuf () DIONE IDS PL>
Date: Sun, 17 Dec 2000 16:29:38 +0100
On Sat, 16 Dec 2000, Damian Menscher wrote:
> > I found a strange behavior in the nslookup command, and was able to reproduce it in several different platforms. I do not have deep knowledge of the inner working of nslookup, but the message I got seemed a bit suspicious, and I decided to report it before someone can find a way to exploit it.

> nslookup has 755 permissions on all machines I've seen, so I'm not sure what the danger is.... You thinking of something in the kernel?
Hey, people - think. Nslookup is running in user-space (1) with no privileges (2). Kernel has nothing to do with name lookups (3) or flex parser (4) itself. This flex warning message is not caused by any exploitable condition (5). Now, what is the conclusion? :)

I do not get it. I have more vulnerabilities of this kind. Or even more juicy:

  # dig "@`perl -e '{print "\x20"x250}'`id #"
  /.../
  uid=0(root) gid=0(root) groups=0(root)

And so what? ;>

--
_______________________________________________________
Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=--=> Did you know that clones never use mirrors? <=--=
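An added example, not part of the original post: a shell helper for the check this exchange turns on, whether the binary carries a setuid or setgid bit, since a 755 binary runs with the caller's own privileges. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): decide whether a bug in a binary can
# cross a privilege boundary by checking for setuid/setgid bits.

# priv_bits FILE -> prints "setuid", "setgid", "setuid+setgid" or "none"
priv_bits() {
    if [ ! -f "$1" ]; then echo "missing"; return 2; fi
    bits=""
    if [ -u "$1" ]; then bits="setuid"; fi
    if [ -g "$1" ]; then bits="${bits:+$bits+}setgid"; fi
    echo "${bits:-none}"
}

# triage FILE -> one-line verdict following the reasoning in the post
triage() {
    b=$(priv_bits "$1") || { echo "$1: not found"; return 2; }
    if [ "$b" = "none" ]; then
        echo "$1: no setuid/setgid bit; runs with the caller's own privileges"
    else
        echo "$1: $b; runs with its owner's or group's identity, so a parsing bug needs review"
    fi
}

# Constructed sample: two empty files standing in for a 755 and a 4755 binary.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/plain"; chmod 755 "$d/plain"
    : > "$d/suid";  chmod 4755 "$d/suid"
    triage "$d/plain"
    triage "$d/suid"
    rm -rf "$d"
}

# With arguments, triage the given paths; with none, run the constructed demo.
if [ $# -gt 0 ]; then
    for f in "$@"; do triage "$f" || true; done
else
    demo
fi
```

The mode bits cover only the binary itself; a 755 program that a privileged service invokes with untrusted input has to be assessed in the context of that caller.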