Vulnerability Development mailing list archives

Re: traceroute-4.4BSD (slack) heap overflow


From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Sat, 6 Jan 2001 22:21:45 -0500

On Sat, 6 Jan 2001, Cristi Dumitrescu wrote:

> The host is *not* given on the command line. It is resolved on the
> way. But, as far as I know, there is no way to convince the resolver
> to pass anything else besides 1-9, a-z, A-Z, . - and _. I don't know
> the maximum length and I'm too lazy to search the sources and find it.
> Anyway, you would need more than 4 KB to overwrite something useful
> and I doubt you could have such a hostname.

Couldn't you abuse this via spoofed DNS replies? Then you wouldn't have to
have control of a DNS server, just access to the network segment.

____________________________
jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)
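The point of the exchange is that the hostname traceroute prints comes back from a lookup, and a spoofed reply on the local segment can shape that answer, so the program has to validate the name itself rather than trust the resolver to keep it short and clean. The following is an added example, not code from the post or from 4.4BSD traceroute: it enforces the RFC 1035 length limits (255 octets total, 63 per label) and the character set Cristi describes before copying the name into a fixed-size buffer; the function names and buffer sizes are assumptions.

```c
#include <ctype.h>
#include <stdbool.h>
#include <string.h>

/* RFC 1035 limits: whole name <= 255 octets, each label <= 63. */
#define MAX_NAME_LEN  255
#define MAX_LABEL_LEN 63

/* Character set the quoted post expects from the resolver. The caller must
 * not rely on the resolver enforcing it, so it is checked here explicitly. */
static bool host_char_ok(unsigned char c)
{
    return isalnum(c) || c == '.' || c == '-' || c == '_';
}

/* True if `name` is a sane hostname: non-empty, within the length limits,
 * only allowed characters, no empty labels (a trailing '.' is accepted). */
bool hostname_is_sane(const char *name)
{
    size_t total = 0, label = 0;
    if (name == NULL || *name == '\0')
        return false;
    for (const unsigned char *p = (const unsigned char *)name; *p; p++) {
        if (++total > MAX_NAME_LEN)
            return false;
        if (*p == '.') {
            if (label == 0)             /* leading '.' or ".." */
                return false;
            label = 0;
            continue;
        }
        if (!host_char_ok(*p) || ++label > MAX_LABEL_LEN)
            return false;
    }
    return true;
}

/* Copies a resolver-returned name into a fixed-size buffer only after it
 * passes the checks above and fits; on failure dst is left as "". */
bool copy_hostname(char *dst, size_t dstsize, const char *name)
{
    size_t n;
    if (dstsize == 0)
        return false;
    dst[0] = '\0';
    if (!hostname_is_sane(name) || (n = strlen(name)) >= dstsize)
        return false;
    memcpy(dst, name, n + 1);       /* bounded copy, never an unchecked strcpy */
    return true;
}
```

Any name that fails `hostname_is_sane` should be replaced with the numeric address in output rather than used.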