[7808] in bugtraq
Re: buffer overflow in nslookup?
daemon@ATHENA.MIT.EDU (Theo de Raadt)
Mon Aug 31 11:16:07 1998
Date: Mon, 31 Aug 1998 01:17:40 -0600
Reply-To: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
From: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
X-To: Benjamin J Stassart <dszd0g@dasb.fhda.edu>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Sun, 30 Aug 1998 20:29:43 PDT."
<Pine.OSF.3.95q.980830201713.4574D-100000@octane.dasb.fhda.edu>
> If your nslookup's main.c includes:
>
> sscanf(string, " %s", host); /* removes white space */
>
> (at line 681 in 4.9.7-REL and at line 684 in 8.1.2) and it does not
> check the length of 'string', then you are vulnerable.
Nearly all the sscanf's parsing for some variant of %s are possible
vulnerabilities.
The same applies to "dig".
They must all be fixed.
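The defect both messages describe is an `sscanf` with an unbounded `%s`: the conversion copies the whole whitespace-delimited token into `host` regardless of the buffer's size. The following is an added example, not code from nslookup, dig or BIND, showing the bounded form a maintainer would substitute. It assumes a 256-byte `host` buffer (`HOST_LEN` is an assumption; the real buffer size is not stated in the thread), builds the `%<width>s` specifier at run time so the width always matches the buffer, and additionally reports truncation so the caller can refuse a name it did not actually receive in full.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define HOST_LEN 256   /* assumed buffer size; not taken from nslookup */

/* Bounded replacement for `sscanf(string, " %s", host)`.
 * Returns 0 on success, 1 if the token was longer than the buffer and
 * was truncated, -1 if no token was present or the buffer is unusable. */
int parse_host(const char *string, char *host, size_t hostsz)
{
    char fmt[32];
    const char *p;
    size_t toklen;

    if (hostsz < 2)
        return -1;
    /* Build " %<width>s" so the width equals hostsz-1, leaving room for
     * the terminating NUL that sscanf appends after the copied bytes. */
    snprintf(fmt, sizeof fmt, " %%%zus", hostsz - 1);
    if (sscanf(string, fmt, host) != 1)
        return -1;

    /* A width limit stops copying silently; compare against the real token
     * length so callers can reject a truncated name instead of resolving
     * something the user never typed. */
    p = string;
    while (isspace((unsigned char)*p))
        p++;
    toklen = 0;
    while (p[toklen] != '\0' && !isspace((unsigned char)p[toklen]))
        toklen++;
    return toklen > strlen(host) ? 1 : 0;
}

/* Constructed input: a short name wrapped in whitespace parses cleanly. */
int demo_short_name(void)
{
    char host[HOST_LEN];
    int rc = parse_host("   example.org\n", host, sizeof host);
    return rc == 0 && strcmp(host, "example.org") == 0;
}

/* Constructed input: a token longer than the buffer is cut at HOST_LEN-1
 * bytes and reported, rather than written past the end of host. */
int demo_oversized_name(void)
{
    char big[HOST_LEN + 64];
    char host[HOST_LEN];
    int rc;

    memset(big, 'a', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    rc = parse_host(big, host, sizeof host);
    return rc == 1 && strlen(host) == HOST_LEN - 1;
}

/* Constructed input: whitespace only yields no token at all. */
int demo_empty_input(void)
{
    char host[HOST_LEN];
    return parse_host("   \n", host, sizeof host) == -1;
}

int main(void)
{
    printf("short ok: %d  oversized handled: %d  empty rejected: %d\n",
           demo_short_name(), demo_oversized_name(), demo_empty_input());
    return 0;
}
```

The width-in-format fix is the minimal one; the truncation check is the part a reviewer would ask for, because with `%255s` alone the remainder of the token stays in the input and the program quietly proceeds with a shorter name. Grepping a tree for `sscanf` calls whose format contains `%s` without a width (Theo's "nearly all" above) is the quickest way to find the other instances he says must be fixed.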