Vulnerability Development mailing list archives
Re: Bug, possible hole in nslookup, various operating systems
From: rpc <h () ckz org>
Date: Tue, 19 Dec 2000 09:27:48 GMT
I found a strange behavior in the nslookup command, and was able to> > reproduce it in several different platforms. I do not have deep knowledge > > of the inner working of nslookup, but the message I got seemed a bit > > suspicious, and I decided to report it before someone can find a way to > > exploit it. >
This is because nslookup uses a lexical analyzer generated by flex to parse user input. This is not a security bug. flex expects input to be terminated with an EOF marker. While the error it reports in this circumstance looks threatening, it's merely saying that the lexer was terminated before an EOF was received. --rpc
Current thread:
- Bug, possible hole in nslookup, various operating systems Gunnar Wolf (Dec 17)
- Re: Bug, possible hole in nslookup, various operating systems Damian Menscher (Dec 18)
- Re: Bug, possible hole in nslookup, various operating systems Michal Zalewski (Dec 18)
- Re: Bug, possible hole in nslookup, various operating systems Gunnar Wolf (Dec 18)
- Re: Bug, possible hole in nslookup, various operating systems Steve Lord (Dec 19)
- Re: Bug, possible hole in nslookup, various operating systems Ryan W. Maple (Dec 20)
- Re: Bug, possible hole in nslookup, various operating systems rpc (Dec 20)
- Re: Bug, possible hole in nslookup, various operating systems Damian Menscher (Dec 18)
- Re: Bug, possible hole in nslookup, various operating systems SSecurity (Dec 18)
- <Possible follow-ups>
- Re: Bug, possible hole in nslookup, various operating systems Kyle Bradley (Dec 18)