[7813] in bugtraq
Re: buffer overflow in nslookup?
daemon@ATHENA.MIT.EDU (Willy TARREAU)
Mon Aug 31 12:58:37 1998
Date: Mon, 31 Aug 1998 10:38:50 +0200
Reply-To: Willy TARREAU <tarreau@AEMIAIF.LIP6.FR>
From: Willy TARREAU <tarreau@AEMIAIF.LIP6.FR>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19980829163602.I27337@attic.vuurwerk.nl> from "Peter van Dijk" at Aug 29, 98 04:36:02 pm
> Segmentation fault (core dumped)
>
> At first, this does not seem a problem: nslookup is not suid root or anything.
> But several sites have cgi-scripts that call nslookup... tests show that these
> will coredump when passed enough characters. Looks exploitable to me...
It is; I've successfully got a shell using my old generic exploit, with 260
bytes followed by a pointer to esp-400.
Willy
--
+----------------------------------------------------------------------------+
| Willy Tarreau - tarreau@aemiaif.lip6.fr - http://www-miaif.lip6.fr/willy/ |
| System and Network Engineer - NOVECOM - http://novworld.novecom.fr/ |
| Magistere d'Informatique Appliquee de l'Ile de France ( MIAIF ), Year 1997 |
+----------------------------------------------------------------------------+
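The thread's point is that the crash only matters because web front ends hand untrusted input straight to nslookup. The following is an added example (not code from either poster) of the check such a CGI wrapper should apply before spawning the program: cap the length, accept only a syntactically valid hostname or dotted-quad IPv4 address, and pass the value as a single argv element rather than through a shell. Function names (`is_safe_query`, `build_nslookup_argv`, `run_nslookup`) and the limits are this example's own choices; it assumes an `nslookup` binary on PATH.

```python
import re
import subprocess

# Upper bound on what we will ever hand to nslookup. 253 is the longest a
# fully-qualified domain name can be in presentation form, so anything longer
# is not a hostname at all and is rejected before nslookup is even spawned.
MAX_QUERY_LEN = 253

# One DNS label: 1-63 letters, digits or hyphens, not starting/ending with "-".
# A leading hyphen is also what would let input be mistaken for an option.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_safe_query(name: str) -> bool:
    """Return True only for a plausible hostname or IPv4 address."""
    if not name or len(name) > MAX_QUERY_LEN:
        return False
    labels = name.rstrip(".").split(".")
    # Dotted quad: four all-numeric labels, each 0..255.
    if len(labels) == 4 and all(label.isdigit() for label in labels):
        return all(0 <= int(label) <= 255 for label in labels)
    # Otherwise every label must match the hostname grammar; this also
    # excludes shell metacharacters, whitespace and anything non-ASCII.
    return all(LABEL_RE.match(label) is not None for label in labels)


def build_nslookup_argv(name: str):
    """Validate the lookup target and return the argv list to execute.

    Raises ValueError instead of passing a rejected value on, so the caller
    can return an HTTP error rather than ever invoking nslookup with it.
    """
    if not is_safe_query(name):
        raise ValueError("rejected lookup target")
    return ["nslookup", name]


def run_nslookup(name: str, timeout: float = 10.0) -> str:
    """Run nslookup without a shell and return its combined output as text."""
    argv = build_nslookup_argv(name)
    completed = subprocess.run(
        argv,
        capture_output=True,
        text=True,
        timeout=timeout,   # do not let a hung resolver tie up the CGI process
        check=False,       # a non-zero exit (NXDOMAIN etc.) is still an answer
    )
    return completed.stdout + completed.stderr


if __name__ == "__main__":
    # Constructed sample inputs: a normal name, an address, and the kind of
    # oversized value the thread describes.
    for candidate in ("www.example.com", "192.0.2.1", "A" * 300, "foo;id"):
        print(f"{candidate[:20]!r:>24} -> {is_safe_query(candidate)}")
```

Because validation happens on the raw value and the result is passed as one argv element, an overlong or metacharacter-laden query never reaches nslookup's own parsing at all; the crash the thread describes is simply not reachable from the web front end. The length cap is deliberately the protocol maximum rather than a number tuned to one binary's buffer, so it does not depend on knowing where nslookup happens to overflow.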