Vulnerability Development mailing list archives

Re: traceroute-4.4BSD (slack) heap overflow


From: Slawek <sgp () TELSATGP COM PL>
Date: Sun, 7 Jan 2001 10:18:58 +0100

Saturday, January 06, 2001 1:55 PM +0100, Cristi Dumitrescu wrote:
If you're using slackware, you'll find those lines close to the end of
traceroute.c.
The host is *not* given on the command line. It is resolved on the way.
But, as far as I know, there is no way to convince the resolver to pass
anything else besides 1-9, a-z, A-Z, . - and _. I don't know the maximum
length and I'm too lazy to search the sources and find it. Anyway, you
would need more than 4 KB to overwrite something useful and I doubt you
could have such a hostname.


Hi,


DNS lookups and DNS reverse lookups are made by UDP.

AFAIR, the hostname in DNS lookups made by UDP is limited by the protocol
to 255 chars.


Hope this helps,
Slawek
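
The thread turns on how long a name returned by a reverse lookup can be and which characters it can contain. The following is an added example, not part of the original post and not taken from traceroute.c: one way a caller can enforce those bounds itself before copying the name into a fixed-size buffer. The helper name `copy_resolved_name` is hypothetical, and the limits it uses (255 octets per name, 63 per label) are the RFC 1035 values.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DNS_MAX_NAME  255  /* RFC 1035 upper bound on a whole name */
#define DNS_MAX_LABEL 63   /* RFC 1035 upper bound on one label */

/* Hypothetical helper (not from traceroute.c): copy a resolver-supplied
 * hostname into dst only if it fits and looks like a hostname.
 * Returns 0 on success, -1 on any violation; dst is left empty on failure. */
int copy_resolved_name(char *dst, size_t dstlen, const char *name)
{
    size_t len, i, label = 0;

    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';
    if (name == NULL)
        return -1;
    /* Bounded length scan: never trust the resolver to cap the string. */
    for (len = 0; name[len] != '\0'; len++)
        if (len >= DNS_MAX_NAME)
            return -1;
    if (len == 0 || len >= dstlen)      /* need room for the NUL too */
        return -1;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '.') {                 /* label separator */
            if (label == 0)
                return -1;              /* leading dot or ".." */
            label = 0;
            continue;
        }
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9') || c == '-' || c == '_'))
            return -1;                  /* control bytes, spaces, etc. */
        if (++label > DNS_MAX_LABEL)
            return -1;
    }
    memcpy(dst, name, len + 1);         /* includes the terminating NUL */
    return 0;
}

int main(void)
{
    char buf[64];                       /* constructed sample input below */
    printf("%d\n", copy_resolved_name(buf, sizeof buf, "gw1.example.net"));
    return 0;
}
```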

