[peter@koek] ~$ nslookup `perl -e 'print "A" x 100;'`
Server: zopie.attic.vuurwerk.nl
Address: 10.10.13.1
*** zopie.attic.vuurwerk.nl can't find AAA.....AAA: Unspecified error
[peter@koek] ~$ nslookup `perl -e 'print "A" x 300;'`
Server: zopie.attic.vuurwerk.nl
Address: 10.10.13.1
*** zopie.attic.vuurwerk.nl can't find AA....AAA: Unspecified error
Segmentation fault (core dumped)
[peter@koek] ~$ nslookup `perl -e 'print "A" x 1000;'`
Server: zopie.attic.vuurwerk.nl
Address: 10.10.13.1
Segmentation fault (core dumped)

At first, this does not seem a problem: nslookup is not suid root or
anything. But several sites have cgi-scripts that call nslookup... tests
show that these will coredump when passed enough characters. Looks
exploitable to me...

Greetz, Peter.
--
'I guess anybody who walks away from a root shell at : Peter van Dijk
 a nerd party gets what they deserve!' -- BillSF     : peterat_private
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
   finger hardbeatat_private for my public PGP-key
- --- - --- - --- - --- - --- - --- - --- - --- - --- -
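
Added example, not part of the original post: a check a CGI script could run on a user-supplied name before handing it to nslookup, so that the over-long arguments shown above never reach the binary. The limits are the RFC 1035 ones (63 octets per label, 253 characters for the dotted name); the function names and sample inputs are assumptions made for illustration.

```python
import re

MAX_NAME_LEN = 253   # RFC 1035: 255 octets on the wire, 253 as dotted text
MAX_LABEL_LEN = 63   # RFC 1035: one label is at most 63 octets
# Letters, digits and hyphens only; a label may not start or end with "-".
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?\Z")


def check_hostname(name):
    """Return None if name is safe to hand to a resolver tool, else a reason."""
    if not isinstance(name, str) or not name:
        return "empty name"
    if name.endswith("."):          # accept one trailing root dot
        name = name[:-1]
    if len(name) > MAX_NAME_LEN:
        return "name longer than %d characters" % MAX_NAME_LEN
    for label in name.split("."):
        if not label:
            return "empty label"
        if len(label) > MAX_LABEL_LEN:
            return "label longer than %d characters" % MAX_LABEL_LEN
        if not LABEL_RE.match(label):
            return "label contains characters outside [A-Za-z0-9-]"
    return None


def nslookup_argv(name):
    """Build the argument vector for nslookup, or raise ValueError.

    The list is meant for subprocess.run(argv, shell=False, timeout=...), so
    the name is never parsed by a shell; names starting with "-" (which
    nslookup would read as an option) are already rejected by check_hostname.
    """
    reason = check_hostname(name)
    if reason is not None:
        raise ValueError("refusing to call nslookup: " + reason)
    return ["nslookup", name]


if __name__ == "__main__":
    # Constructed inputs: the three lengths from the post plus one valid name.
    for sample in ["A" * 100, "A" * 300, "A" * 1000, "www.example.com"]:
        print(len(sample), check_hostname(sample) or "ok")
```

All three argument lengths from the session are refused here: the 100-character one by the label limit, the other two by the total-length limit.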
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:14:03 PDT