> If your nslookup's main.c includes:
>
>     sscanf(string, " %s", host); /* removes white space */
>
> (at line 681 in 4.9.7-REL and at line 684 in 8.1.2) and it does not
> check the length of 'string', then you are vulnerable.

Nearly all the sscanf's parsing for some variant of %s are possible vulnerabilities. The same applies to "dig". They must all be fixed.
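The bounded form of the quoted `sscanf` call, as an added example that is not part of the original post or of the BIND sources: a field width caps the copy into `host`, and `%n` is used to detect a token that was cut short. The names `parse_host` and `HOST_MAX` and the 255-character bound are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define HOST_MAX 255              /* assumed bound, not taken from the post */
#define STR2(x) #x
#define STR(x)  STR2(x)

/* Unbounded form quoted in the post, shown for contrast only:
 *     sscanf(string, " %s", host);
 * %s copies up to the next white space, however long the token is.
 */

/* Hypothetical helper: copy the first white-space-delimited token.
 * Returns 0 on success, -1 if there is no token, -2 if it does not fit. */
int parse_host(const char *string, char host[HOST_MAX + 1])
{
    int consumed = 0;

    host[0] = '\0';
    /* The width stops the copy at HOST_MAX chars; sscanf then adds the NUL. */
    if (sscanf(string, " %" STR(HOST_MAX) "s%n", host, &consumed) != 1)
        return -1;
    /* A non-space character right after the copy means the token was cut. */
    if (string[consumed] != '\0' && !isspace((unsigned char)string[consumed])) {
        host[0] = '\0';           /* reject instead of using a truncated name */
        return -2;
    }
    return 0;
}

int main(void)
{
    char host[HOST_MAX + 1];
    char longtok[301];            /* constructed over-long input */

    memset(longtok, 'a', sizeof longtok - 1);
    longtok[sizeof longtok - 1] = '\0';

    printf("%d \"%s\"\n", parse_host("  example.com  ", host), host);
    printf("%d\n", parse_host(longtok, host));
    return 0;
}
```

Rejecting the over-long token, instead of silently using the first 255 characters, keeps a truncated name from being looked up as if it were what the user typed.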
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:14:09 PDT