Vulnerability Development mailing list archives
Re: Bug, possible hole in nslookup, various operating systems
From: Gunnar Wolf <gwolf () CAMPUS IZTACALA UNAM MX>
Date: Mon, 18 Dec 2000 09:55:47 -0600
I found a strange behavior in the nslookup command, and was able to reproduce it in several different platforms. I do not have deep knowledge of the inner working of nslookup, but the message I got seemed a bit suspicious, and I decided to report it before someone can find a way to exploit it.nslookup has 755 permissions on all machines I've seen, so I'm not sure what the danger is.... You thinking of something in the kernel?
I lack enough knowledge to tell if this is or not potentially dangerous... I only know this is not the expected behavior - it is a bug, and bugs potentially can become holes.
What I am doing is very simple - too simple, maybe. I run nslookup in interactive mode, and send ^C while it is waiting for my text.Just to add a new platform: IRIX 6.5.6m is not vulnerable
Good, thank you! ------------------------------------------------------------------- Gunnar Wolf gwolf () campus iztacala unam mx Universidad Nacional Autónoma de México, Campus Iztacala Jefatura de Sección de Desarrollo y Admon. de Sistemas en Red Departamento de Seguridad en Computo - DGSCA - UNAM -------------------------------------------------------------------
Current thread:
- Bug, possible hole in nslookup, various operating systems Gunnar Wolf (Dec 17)
- Re: Bug, possible hole in nslookup, various operating systems Damian Menscher (Dec 18)
- Re: Bug, possible hole in nslookup, various operating systems Michal Zalewski (Dec 18)
- Re: Bug, possible hole in nslookup, various operating systems Gunnar Wolf (Dec 18)
- Re: Bug, possible hole in nslookup, various operating systems Steve Lord (Dec 19)
- Re: Bug, possible hole in nslookup, various operating systems Ryan W. Maple (Dec 20)
- Re: Bug, possible hole in nslookup, various operating systems rpc (Dec 20)
- Re: Bug, possible hole in nslookup, various operating systems Damian Menscher (Dec 18)
- Re: Bug, possible hole in nslookup, various operating systems SSecurity (Dec 18)
- <Possible follow-ups>
- Re: Bug, possible hole in nslookup, various operating systems Kyle Bradley (Dec 18)