Bugtraq mailing list archives
Re: buffer overflow in nslookup?
From: dszd0g () dasb fhda edu (Benjamin J Stassart)
Date: Sun, 30 Aug 1998 20:29:43 -0700
Date: Sun, 30 Aug 1998 18:47:18 -0700
From: "www.devoid.net" <admin () fallin devoid net>
To: BUGTRAQ () netspace org
Subject: Re: buffer overflow in nslookup?

> my last mail didn't go out so this time i won't go through all the examples because i do not have the time. none of these buffer overruns core my nslookup ( bind-8.1.2 ) i am running a dual processor x86, pentium classic, and Cyril

Try:

    nslookup `perl -e 'print "A" x 5000;'`

Under some OS's it may require a larger string to overflow the buffer.

> where did the nslookup in these examples originate ?

If your nslookup's main.c includes:

    sscanf(string, " %s", host);    /* removes white space */

(at line 681 in 4.9.7-REL and at line 684 in 8.1.2) and it does not check the length of 'string', then you are vulnerable.

Benjamin J. Stassart
------------------------------------------------+
 A great many people think they are thinking    |
 when they are merely rearranging their         |
 prejudices                                     |
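An added example, not part of the original post and not BIND's own code: a length-checked replacement for the quoted `sscanf(string, " %s", host)` pattern, exercised with a constructed 5000-byte token. The names `parse_host`, `try_length` and the size `HOST_BUF` are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HOST_BUF 256 /* assumed destination size, not taken from the post */

/* The quoted pattern, sscanf(string, " %s", host), copies the whole token
 * whatever its length. This replacement skips leading white space the same
 * way, but rejects an empty or oversized token instead of copying it.
 * Returns 0 on success, -1 on rejection; host is always NUL-terminated. */
int parse_host(const char *string, char *host, size_t hostlen)
{
    size_t n = 0;

    if (hostlen == 0)
        return -1;
    host[0] = '\0';
    while (isspace((unsigned char)*string))
        string++;
    while (string[n] != '\0' && !isspace((unsigned char)string[n]))
        n++;
    if (n == 0 || n >= hostlen)
        return -1; /* reject rather than silently truncate */
    memcpy(host, string, n);
    host[n] = '\0';
    return 0;
}

/* Constructed input: a token of len 'A' characters, like the 5000-byte
 * argument in the post. Returns parse_host()'s result, -2 if malloc fails. */
int try_length(size_t len)
{
    char host[HOST_BUF];
    char *s = malloc(len + 1);
    int rc;

    if (s == NULL)
        return -2;
    memset(s, 'A', len);
    s[len] = '\0';
    rc = parse_host(s, host, sizeof host);
    free(s);
    return rc;
}

int main(void)
{
    printf("255 bytes: %d\n5000 bytes: %d\n", try_length(255), try_length(5000));
    return 0;
}
```

A field width in the format, such as `sscanf(string, " %255s", host)` for a 256-byte buffer, also bounds the copy, but it truncates an oversized name silently instead of rejecting it.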