[7812] in bugtraq
Re: buffer overflow in nslookup?
daemon@ATHENA.MIT.EDU (Uwe Ohse)
Mon Aug 31 11:51:43 1998
Date: Mon, 31 Aug 1998 15:08:43 +0200
Reply-To: Uwe Ohse <uwe@CSL-GMBH.NET>
From: Uwe Ohse <uwe@CSL-GMBH.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.OSF.3.95q.980830201713.4574D-100000@octane.dasb.fhda.edu>;
from Benjamin J Stassart on Sun, Aug 30, 1998 at 08:29:43PM -0700
> If your nslookup's main.c includes:
>
> sscanf(string, " %s", host); /* removes white space */
you can find the same in dig.c, and a patch for dig, removing that and
some other problems, at http://www.nrw.net/uwe/dig-8.1.2.patch
Needless to say i told bind-bugs@isc.org more then two months ago about
the problems in nslookup and dig, and never got a reply.
Regards, Uwe
