Vulnerability Development mailing list archives
Re: traceroute-4.4BSD (slack) heap overflow
From: Olaf Kirch <okir () CALDERA DE>
Date: Mon, 8 Jan 2001 11:54:41 +0100
On Thu, Jan 04, 2001 at 06:08:03PM -0800, Cristi Dumitrescu wrote:
> A while ago I was studying the source code for this traceroute... I found this in the inetname function:

This is old old old old old. We patched this hole something like two or three years ago, and I'd be very surprised if this was still in recent traceroute code on Slackware.

Addressing some of the FUD that has been posted in response to this query:

a. DNS queries are not limited to UDP datagrams. A malicious DNS server can force a client to fall back to DNS over TCP.

b. The _protocol_ limits DNS host names to 255 characters, but resolver implementations may or may not enforce that limit. Older Linux libc5 didn't (it would grok up to 1300-odd bytes in PTR records), recent glibc does but may blow up the name to up to 1020 bytes by printing non-ASCII characters as \xxx.

c. The RESOLV_HOST_CONF variable is *not* used to specify a replacement for /etc/hosts, but for /etc/host.conf, which configures the resolver. Apart from that, it's been quite a while since the resolver library honored this variable in setuid programs.

Olaf
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir () monad swb de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir () caldera de +-------------------- Why Not?! -----------------------
UNIX, n.: Spanish manufacturer of fire extinguishers.
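Added example (not part of the original message, and not the traceroute or Caldera patch): point b above means a caller cannot rely on the resolver to cap a returned name at 255 bytes, so the copy has to be bounded by the destination buffer. The names `copy_resolved_name`, `display_name` and `NAME_BUF` are hypothetical, and falling back to the numeric address is an assumption about how an inetname()-style helper should behave.

```c
#include <stddef.h>
#include <string.h>

#define NAME_BUF 256 /* assumed size: 255-byte protocol limit plus NUL */

/* ASCII-only test; isalnum() is locale-dependent, so it is avoided here. */
static int host_char_ok(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-' || c == '.' || c == '_';
}

/*
 * Copy a resolver-supplied name into dst. Returns 0 on success, -1 if the
 * name is empty, does not fit, or contains bytes outside the hostname
 * alphabet (which also rejects \xxx-escaped output). Reads at most dstlen
 * bytes of name and always leaves dst NUL-terminated.
 */
int copy_resolved_name(char *dst, size_t dstlen, const char *name)
{
    size_t n;

    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';
    if (name == NULL)
        return -1;
    for (n = 0; n < dstlen && name[n] != '\0'; n++)
        if (!host_char_ok((unsigned char)name[n]))
            return -1;
    if (n == 0 || n == dstlen) /* empty, or no NUL within dstlen bytes */
        return -1;
    memcpy(dst, name, n + 1);
    return 0;
}

/* Hypothetical inetname()-style helper: the name if acceptable, otherwise
 * the numeric address (assumed to be a valid C string). */
const char *display_name(const char *resolved, const char *numeric,
                         char *buf, size_t buflen)
{
    if (buf == NULL || buflen == 0)
        return "";
    if (copy_resolved_name(buf, buflen, resolved) == 0)
        return buf;
    strncpy(buf, numeric, buflen - 1);
    buf[buflen - 1] = '\0';
    return buf;
}
```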