The OpenNET Project
 


buffer overflow in nslookup?


Date: Sat, 29 Aug 1998 16:36:02 +0200
From: Peter van Dijk <peter@ATTIC.VUURWERK.NL>
To: BUGTRAQ@netspace.org
Subject: buffer overflow in nslookup?

[peter@koek] ~$ nslookup `perl -e 'print "A" x 100;'`
Server:  zopie.attic.vuurwerk.nl
Address:  10.10.13.1

*** zopie.attic.vuurwerk.nl can't find AAA.....AAA: Unspecified error
[peter@koek] ~$ nslookup `perl -e 'print "A" x 300;'`
Server:  zopie.attic.vuurwerk.nl
Address:  10.10.13.1

*** zopie.attic.vuurwerk.nl can't find AA....AAA: Unspecified error
Segmentation fault (core dumped)
[peter@koek] ~$ nslookup `perl -e 'print "A" x 1000;'`
Server:  zopie.attic.vuurwerk.nl
Address:  10.10.13.1

Segmentation fault (core dumped)

At first, this does not seem a problem: nslookup is not suid root or anything.
But several sites have cgi-scripts that call nslookup... tests show that these
will coredump when passed enough characters. Looks exploitable to me...

Greetz, Peter.
--
'I guess anybody who walks away from a root shell at :         Peter van Dijk
 a nerd party gets what they deserve!' -- BillSF     :peter@attic.vuurwerk.nl
-- --   -- --   -- --   -- --   -- --   -- --   -- --   -- --   -- --   -- --
finger hardbeat@selweird.ml.org for my public PGP-key
  -  ---  -  ---  -  ---  -  ---  -  ---  -  ---  -  ---  -  ---  -  ---  -
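
The post's concern is CGI scripts that pass user input to nslookup. The block below is an added example, not part of the original post and not nslookup's own code: a wrapper that rejects anything that is not a well-formed host name before nslookup runs, and starts it without a shell. The function names `valid_hostname` and `safe_nslookup` are hypothetical, and the limits of 253 characters per name and 63 per label are the RFC 1035 DNS limits, not values from the post.

```c
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>

#define MAX_NAME_LEN  253  /* longest DNS name in text form (RFC 1035) */
#define MAX_LABEL_LEN 63   /* longest single label (RFC 1035) */

static int is_letter_or_digit(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
}

/* Returns 1 if s is a syntactically valid host name, 0 otherwise.
 * Only letters, digits, '-' and '.' pass, so the value cannot be taken
 * for an nslookup option (leading '-') or carry shell metacharacters. */
int valid_hostname(const char *s)
{
    size_t i, label = 0;                       /* label = length of current label */
    if (s == NULL || s[0] == '\0') return 0;
    for (i = 0; s[i] != '\0'; i++) {
        unsigned char c = (unsigned char)s[i];
        if (i >= MAX_NAME_LEN) return 0;       /* whole name too long */
        if (c == '.') {
            if (label == 0 || s[i - 1] == '-') return 0;  /* empty label or "-." */
            label = 0;
        } else if (is_letter_or_digit(c) || c == '-') {
            if (c == '-' && label == 0) return 0;         /* label starts with '-' */
            if (++label > MAX_LABEL_LEN) return 0;        /* label too long */
        } else {
            return 0;                                     /* any other byte */
        }
    }
    return s[i - 1] != '-';                    /* one trailing '.' is allowed */
}

/* Replaces the process with nslookup for a validated name (argv array, no
 * shell). Returns -1 if the name is rejected, -2 if exec itself fails. */
int safe_nslookup(const char *name)
{
    if (!valid_hostname(name)) return -1;
    execlp("nslookup", "nslookup", name, (char *)NULL);
    return -2;
}

int main(int argc, char **argv)
{
    if (argc == 2 && safe_nslookup(argv[1]) != -1) return 2;  /* exec failed */
    fputs("rejected: not a valid host name\n", stderr);
    return 1;
}
```

All three inputs from the transcript (100, 300 and 1000 `A` characters) fail the 63-character label check and never reach nslookup.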
