Vulnerability Development mailing list archives
Re: Bug, possible hole in nslookup, various operating systems
From: "Ryan W. Maple" <ryan () GUARDIANDIGITAL COM>
Date: Tue, 19 Dec 2000 10:38:39 -0500
On Tue, 19 Dec 2000, Steve Lord wrote:

> I know very little about writing overflow exploits, but doing a strings of
> it revealed (amongst other things):
>
> fatal flex scanner internal error--no action found
> fatal flex scanner internal error--end of buffer missed
> fatal error - scanner input buffer overflow
> input in flex scanner failed
> flex scanner push-back overflow
> unexpected last match in input()
> out of dynamic memory in yy_create_buffer()
> out of dynamic memory in yy_scan_buffer()
> out of dynamic memory in yy_scan_bytes()
> bad buffer in yy_scan_bytes()
>
> There's a lot of junk in there which leads me to believe that whoever wrote
> it (I don't have the source and can't be bothered downloading it) was at
> least aware of buffer overflows and put in stuff to protect it, as well as
> some format checking stuff. If there is an exploit it doesn't

Please correct me if I'm wrong, but those are very common strings inserted
when somebody builds a language parser from lex/yacc (flex/bison). Having
done a good deal of code in flex and bison I can say that they look very
familiar. Check out the "lex & yacc" book by ORA if you're curious.

So my point being that these strings are, IMHO, not a determination of care
put forth by the developer at all. They are common strings that are included
by lex/yacc. For example, go into nslookup and hit control-C and you'll get:

  > fatal flex scanner internal error--end of buffer missed

Which is string number two on your list above.

Cheers,
Ryan

+-- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --+
  Ryan W. Maple          "I dunno, I dream in Perl sometimes..."  -LW
  Guardian Digital, Inc.                  ryan () guardiandigital com
+-- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --+
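
Added example, not part of the original post or thread: a small triage script that pulls printable strings out of a binary the way strings(1) does and sets aside the flex skeleton messages quoted above, so that only the program's own strings are left to review. The sample bytes, the non-flex strings, the yy_demo_helper() name and the hint regex are constructed assumptions for illustration.

```python
import re

# Scanner skeleton messages, copied from the list quoted in the post.
FLEX_SKELETON = {
    "fatal flex scanner internal error--no action found",
    "fatal flex scanner internal error--end of buffer missed",
    "fatal error - scanner input buffer overflow",
    "input in flex scanner failed",
    "flex scanner push-back overflow",
    "unexpected last match in input()",
    "out of dynamic memory in yy_create_buffer()",
    "out of dynamic memory in yy_scan_buffer()",
    "out of dynamic memory in yy_scan_bytes()",
    "bad buffer in yy_scan_bytes()",
}
# Heuristic (assumption): other generated messages mention "flex scanner"
# or name a yy_*() helper function.
FLEX_HINT = re.compile(r"flex scanner|\byy_\w+\(\)")


def extract_strings(blob, min_len=4):
    """Mimic strings(1): runs of at least min_len printable ASCII bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]


def triage(blob):
    """Split extracted strings into generator boilerplate and the program's own."""
    boilerplate, own = [], []
    for s in (raw.strip() for raw in extract_strings(blob)):
        is_generated = s in FLEX_SKELETON or FLEX_HINT.search(s)
        (boilerplate if is_generated else own).append(s)
    return boilerplate, own


# Constructed sample: NUL-separated strings as they might sit in a data section.
SAMPLE = b"\x7fELF\x01\x00" + b"\x00".join([
    b"usage: demo [host]",                                  # constructed
    b"fatal flex scanner internal error--end of buffer missed",
    b"out of dynamic memory in yy_scan_bytes()",
    b"unknown option: %s",                                  # constructed
    b"out of dynamic memory in yy_demo_helper()",           # constructed, hits the hint
]) + b"\x00\x01ab\x02"

if __name__ == "__main__":
    generated, own = triage(SAMPLE)
    print("generated by the scanner skeleton:", generated)
    print("worth reading as the program's own:", own)
```

Only the second list says anything about how the developer handled input; the first appears in any program built around a flex scanner.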