Vulnerability Development mailing list archives
Re: NSLOOKUP.EXE
From: "Filip Maertens" <fmt () ascure com>
Date: Fri, 21 Mar 2003 10:39:49 +0100
Hi List, Can you do anything interesting with this?:
Identified the same behaviour on a SuSE box one year ago while teaching a UNIX hacking class (meanwhile corrected in SuSE-SA-2002-026-bind). Further, a quick Google search gives us an "old story" on this topic (postings dating back to 1998 on nslookup overflows).

However, overflowing by command-line doesn't seem to be working for me (win2k server gives me an "Input line too long" error); one has to enter the payload in the console of the nslookup utility.

Having a quick look at it, the problem seems to be everywhere while -handling- user-supplied data. Have a look at nslookup bumming out on me when supplying an overly long "set q=" statement.

--[snip]--
set q=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa%s%s%s%s Unrecognized command: ¼·>
mailhost
Server: xxx.xxx.xxx.com
Address: XXX.XXX.XXX.XXX
C:\>
--[snip]--

Btw: don't like the sound of the "Unrecognized command" error either :-)

Anyone?

Regards,
Filip