[28228] in bugtraq
Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B)
daemon@ATHENA.MIT.EDU (Stefan Esser)
Tue Dec 17 13:18:10 2002
Date: Tue, 17 Dec 2002 07:37:23 +0100
From: Stefan Esser <s.esser@e-matters.de>
To: Valdis.Kletnieks@vt.edu
Message-ID: <20021217063723.GA18608@php.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="SUOF0GtieIMvvwua"
Content-Disposition: inline
In-Reply-To: <200212170456.gBH4uARa002457@turing-police.cc.vt.edu>
--SUOF0GtieIMvvwua
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Dec 16, 2002 at 11:56:10PM -0500, Valdis.Kletnieks@vt.edu wrote:
>=20
> *ON THE WIRE*, all 256 byte codes are legal, since DNS uses a length-data
Yes noone said it is not, but fact is, the libc resolvers simply do not
allow them, so you can send through the wire whatever you want it will
not find its way to the fingerd.
Stefan Esser
--SUOF0GtieIMvvwua
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org
iD8DBQE9/sYj1rB3BM9srmkRAv3lAJ9BEoOS+s0MsPkW2qCXVDlpKeuEAwCgqzyu
LX2mNFtW5XIsni1nWxwCDDY=
=Qdss
-----END PGP SIGNATURE-----
--SUOF0GtieIMvvwua--
