Vulnerability Development mailing list archives

Re: Windows XP SP1 gethostbyaddr() flow (Re[3]: mirc32 6.0x crash when resolving dns.)


From: Street <streetseeker () mail ru>
Date: Sat, 31 May 2003 21:31:01 +0400

Hello 3APA3A,

Saturday, May 31, 2003, 2:18:40 PM, you wrote:

3> Dear vulndev,

3> It's definitely a bug in Windows XP SP1, as was supposed by Roland
3> Postle <mail () blazde co uk>. To reproduce it:

3> 1. Create zone 1.168.192.in-addr.arpa and add the record:

3> 254 IN CNAME non.existant.name

3> 2. Use the test program attached.

3> 3. I did tests on Windows NT 4.0, Windows 2000 and Windows XP SP1.
3> Results:

3> Windows NT 4.0:

3> c:\>test.exe 192.168.1.254
3> gethostbyaddr failed

3> Windows 2000:

3> C:\>test.exe 192.168.1.254
3> gethostbyaddr failed

3> Windows XP SP1:

3> C:\>test.exe 192.168.1.254
3> h_name: (null)

3> So, this problem is not specific to mIRC and it's possible to crash any
3> application on Windows XP SP1 where gethostbyaddr() or
3> WSAAsyncGetHostByAddr() is used for reverse name resolution (IRC
3> clients, Peer-to-Peer clients, personal firewalls, etc).

3> Can somebody test Windows 2003?

This bug is confirmed to work on Windows 2003 Server; it is vulnerable. Tested on
the evaluation (180-day) version.

-- 
Best regards,
 Street                            mailto:streetseeker () mail ru
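The crash pattern the thread describes is an application that treats a non-NULL `struct hostent *` from gethostbyaddr() as proof that `h_name` is non-NULL, which is exactly what the XP SP1 result above ("h_name: (null)") violates when the PTR record is a CNAME to a name that does not exist. The following is an added example, not the test program attached to the original post: it shows the unsafe dereference beside a hardened lookup that tolerates a NULL or empty `h_name`. The function names `unsafe_name_len`, `safe_host_name` and `lookup_reverse` are my own, and the Winsock/POSIX include switch is an assumption about how such a tool would be built on both platforms.

```c
/*
 * Added example (not the test program from the original post).
 * Demonstrates the defensive check around gethostbyaddr(): a non-NULL
 * struct hostent does not guarantee a non-NULL h_name. The names
 * unsafe_name_len(), safe_host_name() and lookup_reverse() are mine.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef _WIN32
#include <winsock2.h>
#pragma comment(lib, "ws2_32.lib")
#else
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#endif

/* The unsafe pattern: "result != NULL" is taken to mean "h_name != NULL".
 * This is the dereference that crashes when the resolver hands back a
 * hostent whose h_name is NULL. Kept here only for comparison. */
size_t unsafe_name_len(const struct hostent *h)
{
    return strlen(h->h_name);           /* crashes if h_name == NULL */
}

/* Hardened: copy the resolved name into buf, or a placeholder when the
 * lookup produced no usable name. Returns 1 if a real name was copied. */
int safe_host_name(const struct hostent *h, char *buf, size_t buflen)
{
    if (buflen == 0)
        return 0;
    if (h == NULL || h->h_name == NULL || h->h_name[0] == '\0') {
        snprintf(buf, buflen, "%s", "(unresolved)");
        return 0;
    }
    snprintf(buf, buflen, "%s", h->h_name);
    return 1;
}

/* Reverse-resolve a dotted-quad IPv4 address into buf. Returns 1 on a
 * usable name, 0 otherwise, and never dereferences a NULL h_name.
 * inet_addr() is used rather than inet_pton() so the code also builds
 * against the Winsock available on XP-era systems; its one wart is that
 * 255.255.255.255 is indistinguishable from a parse failure. */
int lookup_reverse(const char *dotted, char *buf, size_t buflen)
{
    struct in_addr addr;
    struct hostent *h;

    addr.s_addr = inet_addr(dotted);
    if (addr.s_addr == INADDR_NONE) {
        snprintf(buf, buflen, "%s", "(bad address)");
        return 0;
    }
    h = gethostbyaddr((const char *)&addr, sizeof addr, AF_INET);
    return safe_host_name(h, buf, buflen);
}

int main(int argc, char **argv)
{
    char name[256];
#ifdef _WIN32
    WSADATA wsa;
    if (WSAStartup(MAKEWORD(2, 2), &wsa) != 0)
        return 1;
#endif
    if (argc != 2) {
        fprintf(stderr, "usage: %s <ipv4-address>\n", argv[0]);
        return 2;
    }
    if (lookup_reverse(argv[1], name, sizeof name))
        printf("h_name: %s\n", name);
    else
        printf("gethostbyaddr failed or returned no name: %s\n", name);
#ifdef _WIN32
    WSACleanup();
#endif
    return 0;
}
```

Run as `test.exe 192.168.1.254` against the zone from the reproduction steps: a platform that returns a hostent with a NULL `h_name` now prints the placeholder instead of faulting, and a platform where gethostbyaddr() returns NULL is handled by the same branch.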
