Re: weaknesses in dns label decoding,

From: Dag-Erling Smorgrav (desat_private)
Date: Wed Jun 02 1999 - 11:45:09 PDT

Next message: Matt Wilson: "[SECURITY] New kernel packages available"

Previous message: acpizer: "Solaris 7/SPARC and sdtcm_convert."
Next in thread: Pavel Kankovsky: "Re: weaknesses in dns label decoding,"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

bobk <bobkat_private> writes:
> Imagine what could happen if some program did a strcmp() on the following
> name:
>
> rs.internic.net\0.xa.net
>
> where, of course, \0 is a null
>
> Interested readers may ponder what type of programs may be exploited with
> this type of attack.

Any .rhosts consumer. Xhost. Amanda (.amandahosts). Lpd (lpd.allow).
What did I win?

DES
--
Dag-Erling Smorgrav - desat_private

Next message: Matt Wilson: "[SECURITY] New kernel packages available"
Previous message: acpizer: "Solaris 7/SPARC and sdtcm_convert."
Next in thread: Pavel Kankovsky: "Re: weaknesses in dns label decoding,"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:48:04 PDT