-----BEGIN PGP SIGNED MESSAGE-----

> Date: Sun, 30 Aug 1998 18:47:18 -0700
> From: "www.devoid.net" <adminat_private>
> To: BUGTRAQat_private
> Subject: Re: buffer overflow in nslookup?

> my last mail didn't go out so this time I won't go through all the examples
> because I do not have the time.
> none of these buffer overruns core my nslookup ( bind-8.1.2 )
> I am running a dual processor x86,
> pentium classic,
> and Cyril

Try:

nslookup `perl -e 'print "A" x 5000;'`

Under some OSes it may require a larger string to overflow the buffer.

> where did the nslookup in these examples originate ?

If your nslookup's main.c includes:

sscanf(string, " %s", host); /* removes white space */

(at line 681 in 4.9.7-REL and at line 684 in 8.1.2) and it does not check the
length of 'string', then you are vulnerable.

Benjamin J. Stassart
- ------------------------------------------------+
A great many people think they are thinking |
when they are merely rearranging their |
prejudices |

-----BEGIN PGP SIGNATURE-----
Version: PGP 5.0
Charset: noconv

iQCVAwUBNeoYqZePz5nhUoJ9AQGVBwP/Q/QSBftNZBznBh940NbPykhSEldDRcHx
fJmZsjhivBTrKNHaP+QHhCVoFjP5wY36rLt6zEc0wCSA2kJiW1h0n2AakmxShUNC
/vamXF5NzGcC4dM5PAj20QPjK2bBnAJQuqDtUGGqFBp7gSlVqCdhjQdmwU9uoEOr
kg6c9008SfU=
=xyfZ
-----END PGP SIGNATURE-----
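The unchecked sscanf pattern quoted in the message above, placed beside a bounded replacement that rejects over-long host names instead of writing past the buffer. This is an added example, not code from nslookup's main.c or from the post; the buffer size HOSTLEN, the function names, and the sample inputs are assumptions constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed size of the host[] buffer. The post does not state the real size
 * used in nslookup's main.c, so this value is a placeholder for the example. */
#define HOSTLEN 255

/* The pattern quoted from main.c: %s carries no field width, so sscanf copies
 * a token of any length into host[]. Kept here only for contrast with the
 * bounded version below; it is never called in this example. */
int parse_host_unchecked(const char *string, char *host)
{
    return sscanf(string, " %s", host) == 1 ? 0 : -1; /* removes white space */
}

/* Hardened form: the field width (which must equal HOSTLEN) caps the copy at
 * HOSTLEN characters plus the terminating NUL, and %n records how many input
 * characters were consumed so a truncated token is detected rather than
 * silently accepted. Returns 0 on success, -1 on empty or over-long input. */
int parse_host(const char *string, char host[HOSTLEN + 1])
{
    int consumed = 0;
    host[0] = '\0';
    if (sscanf(string, " %255s%n", host, &consumed) != 1)
        return -1;
    /* If the character following the token is neither whitespace nor the end
     * of the string, the token was longer than HOSTLEN and was cut short. */
    if (string[consumed] != '\0' && !isspace((unsigned char)string[consumed]))
        return -1;
    return 0;
}

/* Feeds a constructed 5000-byte run of 'A' (the same kind of input the post
 * uses as a test) through the bounded parser. Returns its result: -1 expected. */
int check_long_input(void)
{
    static char input[5001];
    char host[HOSTLEN + 1];
    memset(input, 'A', 5000);
    input[5000] = '\0';
    return parse_host(input, host);
}

/* Constructed ordinary input with leading white space and a trailing newline.
 * Returns 0 when the name parses and matches the expected host. */
int check_normal_input(void)
{
    char host[HOSTLEN + 1];
    if (parse_host("   ns.example.net\n", host) != 0)
        return -1;
    return strcmp(host, "ns.example.net");
}

int main(void)
{
    printf("5000-byte input rejected: %s\n", check_long_input() == -1 ? "yes" : "no");
    printf("normal input parsed:      %s\n", check_normal_input() == 0 ? "yes" : "no");
    return 0;
}
```

The width in the format string has to be maintained by hand alongside HOSTLEN, which is why the comment ties the two together; the %n check is what turns silent truncation into an explicit error the caller can report.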
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:14:08 PDT