Vulnerability Development mailing list archives
Re: Bug, possible hole in nslookup, various operating systems
From: Damian Menscher <menscher () uiuc edu>
Date: Sat, 16 Dec 2000 22:54:19 -0600
On Fri, 15 Dec 2000, Gunnar Wolf wrote:
I found a strange behavior in the nslookup command, and was able to reproduce it in several different platforms. I do not have deep knowledge of the inner working of nslookup, but the message I got seemed a bit suspicious, and I decided to report it before someone can find a way to exploit it.
nslookup has 755 permissions on all machines I've seen, so I'm not sure what the danger is.... You thinking of something in the kernel?
What I am doing is very simple - too simple, maybe. I run nslookup in interactive mode, and send ^C while it is waiting for my text.
Just to add a new platform: IRIX 6.5.6m is not vulnerable Damian Menscher -- --==## Grad. student & Sys. Admin. @ U. Illinois at Urbana-Champaign ##==-- --==## <menscher () uiuc edu> www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==-- --==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--
Current thread:
- Bug, possible hole in nslookup, various operating systems Gunnar Wolf (Dec 17)
- Re: Bug, possible hole in nslookup, various operating systems Damian Menscher (Dec 18)
- Re: Bug, possible hole in nslookup, various operating systems Michal Zalewski (Dec 18)
- Re: Bug, possible hole in nslookup, various operating systems Gunnar Wolf (Dec 18)
- Re: Bug, possible hole in nslookup, various operating systems Steve Lord (Dec 19)
- Re: Bug, possible hole in nslookup, various operating systems Ryan W. Maple (Dec 20)
- Re: Bug, possible hole in nslookup, various operating systems rpc (Dec 20)
- Re: Bug, possible hole in nslookup, various operating systems Damian Menscher (Dec 18)
- Re: Bug, possible hole in nslookup, various operating systems SSecurity (Dec 18)
- <Possible follow-ups>
- Re: Bug, possible hole in nslookup, various operating systems Kyle Bradley (Dec 18)