Vulnerability Development mailing list archives
Re: traceroute-4.4BSD (slack) heap overflow
From: Cristi Dumitrescu <cristid () CHIP RO>
Date: Tue, 9 Jan 2001 15:57:58 -0800
I think I forgot to mention I got the source code for this from the slackware ftp site, from the slack4.0 dir structure. Can't remember the exact location and filename, but it should still be there if you search for it :)

----- Original Message -----
From: "Olaf Kirch" <okir () caldera de>
To: "Cristi Dumitrescu" <cristid () CHIP RO>
Cc: <VULN-DEV () SECURITYFOCUS COM>
Sent: Monday, January 08, 2001 2:54 AM
Subject: Re: traceroute-4.4BSD (slack) heap overflow

On Thu, Jan 04, 2001 at 06:08:03PM -0800, Cristi Dumitrescu wrote:
> A while ago I was studying the source code for this traceroute... I found
> this in the inetname function:

This is old old old old old. We patched this hole something like two or three years ago, and I'd be very surprised if this was still in recent traceroute code on Slackware.

Addressing some of the FUD that has been posted in response to this query:

a. DNS queries are not limited to UDP datagrams. A malicious DNS server can force a client to fall back to DNS over TCP.

b. The _protocol_ limits DNS host names to 255 characters, but resolver implementations may or may not enforce that limit. Older Linux libc5 didn't (it would grok up to 1300-odd bytes in PTR records), recent glibc does but may blow up the name to up to 1020 bytes by printing non-ASCII characters as \xxx.

c. The RESOLV_HOST_CONF variable is *not* used to specify a replacement for /etc/hosts, but for /etc/host.conf, which configures the resolver. Apart from that, it's been quite a while since the resolver library honored this variable in setuid programs.

Olaf
--
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir () monad swb de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir () caldera de    +-------------------- Why Not?! -----------------------
UNIX, n.: Spanish manufacturer of fire extinguishers.
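Point (b) in the message above, as an added example that is not part of the original thread and is not traceroute's code: a caller that copies a resolver-supplied name into a fixed buffer has to treat its length as untrusted. The helper `display_name`, the constant `DNS_NAME_MAX`, and the sample host name and address are hypothetical and constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

#define DNS_NAME_MAX 255   /* protocol limit cited in the message (assumed name) */

/*
 * Hypothetical helper: write a display name for `addr` into dst.
 * `resolved` is whatever the resolver returned; its length is untrusted.
 * Returns 1 if the resolved name was used, 0 if the numeric address was
 * substituted, -1 if dst cannot hold either.
 */
int display_name(char *dst, size_t dstlen, const char *resolved,
                 struct in_addr addr)
{
    if (dst == NULL || dstlen == 0)
        return -1;
    if (resolved != NULL) {
        /* Bounded scan: stop one byte past the protocol limit. */
        size_t n = 0;
        while (n <= DNS_NAME_MAX && resolved[n] != '\0')
            n++;
        if (n > 0 && n <= DNS_NAME_MAX && n < dstlen) {
            memcpy(dst, resolved, n);
            dst[n] = '\0';
            return 1;
        }
    }
    /* Over-long, empty or missing name: fall back to the dotted quad. */
    if (inet_ntop(AF_INET, &addr, dst, (socklen_t)dstlen) == NULL) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char out[64], big[1301];            /* constructed sample input */
    struct in_addr a;
    inet_pton(AF_INET, "192.0.2.7", &a);
    memset(big, 'a', 1300);             /* size of the libc5 case above */
    big[1300] = '\0';
    printf("%d %s\n", display_name(out, sizeof out, "gw.example.net", a), out);
    printf("%d %s\n", display_name(out, sizeof out, big, a), out);
    return 0;
}
```

The length check is made against both the protocol limit and the destination size, so a name that is legal for DNS but larger than the caller's buffer is also replaced by the numeric address.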