Vulnerability Development mailing list archives
Re: traceroute-4.4BSD (slack) heap overflow
From: Matt Zimmerman <mdz () CSH RIT EDU>
Date: Thu, 11 Jan 2001 12:23:14 -0500
On Tue, Jan 09, 2001 at 03:25:08PM -0800, Cristi Dumitrescu wrote:
> Been there, tried that. I knew the old way of viewing the shadow with ping or
> traceroute utilities using this method. Fact is RESOLV_HOST_CONF is not
> referring to /etc/hosts, but to /etc/resolv.conf =[ You could at most use a
> rogue ns with this method.

Fact is, RESOLV_HOST_CONF is not referring to /etc/resolv.conf, but to /etc/host.conf. This is much more difficult to exploit. Directives available:

order
    This keyword specifies how host lookups are to be performed. It should be followed by one or more lookup methods, separated by commas. Valid methods are bind, hosts and nis.

trim
    This keyword may be listed more than once. Each time it should be followed by a single domain name, with the leading dot. When set, the resolv+ library will automatically trim the given domain name from the end of any hostname resolved via DNS. This is intended for use with local hosts and domains. (Related note: trim will not affect hostnames gathered via NIS or the hosts file. Care should be taken to insure that the first hostname for each entry in the hosts file is fully qualified or non-qualified, as appropriate for the local installation.)

multi
    Valid values are on and off. If set to "on," the resolv+ library will return all valid addresses for a host that appears in the /etc/hosts file, instead of only the first. This is off by default, as it may cause a substantial performance loss at sites with large hosts files.

nospoof
    Valid values are on and off. If set to "on," the resolv+ library will attempt to prevent hostname spoofing to enhance the security of rlogin and rsh. It works as follows: after performing a host address lookup, resolv+ will perform a hostname lookup for that address. If the two hostnames do not match, the query will fail.

alert
    If this option is set to "on" and the nospoof option is also set, resolv+ will log a warning of the error via the syslog facility. The default value is off.

reorder
    Valid values are on and off. If set to "on," resolv+ will attempt to reorder host addresses so that local addresses (i.e., on the same subnet) are listed first when a gethostbyname() is performed. Reordering is done for all lookup methods. The default value is off.

--
 - mdz