[7807] in bugtraq
Re: buffer overflow in nslookup?
daemon@ATHENA.MIT.EDU (Benjamin J Stassart)
Sun Aug 30 23:45:06 1998
Date: Sun, 30 Aug 1998 20:29:43 -0700
Reply-To: Benjamin J Stassart <dszd0g@dasb.fhda.edu>
From: Benjamin J Stassart <dszd0g@DASB.FHDA.EDU>
X-To: "www.devoid.net" <admin@fallin.devoid.net>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <XFMail.980830184718.admin@fallin.devoid.net>
-----BEGIN PGP SIGNED MESSAGE-----
> Date: Sun, 30 Aug 1998 18:47:18 -0700
> From: "www.devoid.net" <admin@fallin.devoid.net>
> To: BUGTRAQ@netspace.org
> Subject: Re: buffer overflow in nslookup?
> My last mail didn't go out, so this time I won't go through all the examples
> because I do not have the time.
> None of these buffer overruns core my nslookup ( bind-8.1.2 ).
> I am running a dual processor x86,
> pentium classic,
> and Cyril
Try:
nslookup `perl -e 'print "A" x 5000;'`
Under some OSes it may require a larger string to overflow the buffer.
> Where did the nslookup in these examples originate?
If your nslookup's main.c includes:
sscanf(string, " %s", host); /* removes white space */
(at line 681 in 4.9.7-REL and at line 684 in 8.1.2) and it does not
check the length of 'string', then you are vulnerable.
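The defect described above is the unbounded `%s` conversion: sscanf copies every non-blank byte of `string` into `host` no matter how large `host` is. Below is an added example (not BIND's code, and not from the original post) showing the hardened shape a maintainer would substitute: a field width derived from the destination size, plus a `%n` check so an over-long name is rejected instead of silently truncated. The buffer size HOST_MAX and the function names are assumptions for the example.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Assumed size of the destination buffer, including the terminating NUL.
 * (Example value; the real nslookup buffer size is not given in the post.) */
#define HOST_MAX 256

/* The vulnerable shape quoted in the post, kept only as a comment:
 *
 *     sscanf(string, " %s", host);   // removes white space
 *
 * " %s" has no field width, so sscanf writes as many non-space bytes as the
 * input contains, regardless of sizeof(host). That is the overflow. */

/* Hardened replacement.
 * Returns 1 when a hostname was stored in host, 0 when the input is blank,
 * when the name would not fit, or when hostlen is unusable. */
int parse_host(const char *string, char *host, size_t hostlen)
{
    char fmt[32];
    int consumed = 0;

    if (hostlen < 2 || hostlen > HOST_MAX)
        return 0;

    /* Build " %<width>s%n" at runtime so the width always tracks the buffer.
     * The width excludes the NUL, hence hostlen - 1. %n records how many
     * input bytes were consumed; it does not count toward the return value. */
    snprintf(fmt, sizeof fmt, " %%%zus%%n", hostlen - 1);

    if (sscanf(string, fmt, host, &consumed) != 1)
        return 0;   /* empty or all-whitespace input: nothing to parse */

    /* If the byte right after the consumed token is neither end-of-string
     * nor whitespace, the token was longer than the buffer. Refuse it rather
     * than hand back a silently truncated name. */
    if (string[consumed] != '\0' && !isspace((unsigned char)string[consumed])) {
        host[0] = '\0';
        return 0;
    }
    return 1;
}

/* Helper for exercising parse_host with a chosen buffer size.
 * Returns 1 if parsing succeeds and yields `expected`, or if parsing is
 * rejected and `expected` is NULL; otherwise 0. */
int check_host(const char *input, size_t buflen, const char *expected)
{
    char buf[HOST_MAX];
    int ok = parse_host(input, buf, buflen);

    if (expected == NULL)
        return ok == 0;
    return ok == 1 && strcmp(buf, expected) == 0;
}

int main(void)
{
    char host[HOST_MAX];

    /* Constructed inputs: a normal name, and one far longer than an 8-byte
     * buffer, which the bounded parser rejects instead of overflowing. */
    printf("normal name accepted: %d\n", parse_host("  example.com", host, sizeof host));
    printf("oversized name rejected: %d\n", check_host("abcdefghij", 8, NULL));
    return 0;
}
```

The `%n` check matters because a bare width specifier alone would turn the overflow into silent truncation: "example.com.attacker-controlled-suffix" would quietly become a different, shorter name. Rejecting the input keeps the behaviour visible to the caller.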
Benjamin J. Stassart
- ------------------------------------------------+
A great many people think they are thinking      |
when they are merely rearranging their           |
prejudices                                       |
-----BEGIN PGP SIGNATURE-----
Version: PGP 5.0
Charset: noconv
iQCVAwUBNeoYqZePz5nhUoJ9AQGVBwP/Q/QSBftNZBznBh940NbPykhSEldDRcHx
fJmZsjhivBTrKNHaP+QHhCVoFjP5wY36rLt6zEc0wCSA2kJiW1h0n2AakmxShUNC
/vamXF5NzGcC4dM5PAj20QPjK2bBnAJQuqDtUGGqFBp7gSlVqCdhjQdmwU9uoEOr
kg6c9008SfU=
=xyfZ
-----END PGP SIGNATURE-----