Re: buffer overflow in nslookup?

From: Uwe Ohse (uwe@CSL-GMBH.NET)
Date: Mon Aug 31 1998 - 06:08:43 PDT

Next message: Brett Oliphant: "Another Cisco PIX Firewall Vulnerability"

Previous message: Darren Reed: "port scanning. (fwd)"
Maybe in reply to: Peter van Dijk: "buffer overflow in nslookup?"
Next in thread: Willy TARREAU: "Re: buffer overflow in nslookup?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> If your nslookup's main.c includes:
>
>     sscanf(string, " %s", host);        /* removes white space */

you can find the same in dig.c, and a patch for dig, removing that and
some other problems, at http://www.nrw.net/uwe/dig-8.1.2.patch

Needless to say i told bind-bugsat_private more then two months ago about
the problems in nslookup and dig, and never got a reply.

Regards, Uwe

Next message: Brett Oliphant: "Another Cisco PIX Firewall Vulnerability"
Previous message: Darren Reed: "port scanning. (fwd)"
Maybe in reply to: Peter van Dijk: "buffer overflow in nslookup?"
Next in thread: Willy TARREAU: "Re: buffer overflow in nslookup?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:14:11 PDT