Re: NSLOOKUP.EXE

From: Filip Maertens (fmtat_private)
Date: Fri Mar 21 2003 - 01:39:49 PST

    > Hi List,
    > Can you do anything interesting with this?:
    
    Identified the same behaviour on a SuSE box one year ago while teaching a UNIX hacking class (meanwhile corrected in SuSE-SA-2002-026-bind). Further, a quick Google search gives us an "old story" on this topic (postings dating back to 1998 on nslookup overflows). However, overflowing by command-line doesn't seem to be working for me (win2k server gives me an "Input line too long" error); one has to enter the payload in the console of the nslookup utility. Having a quick look at it, the problem seems to be everywhere while -handling- user-supplied data. Have a look at nslookup bumming out on me when supplying an overly long "set q=" statement.
    
    --[snip]--
    > set q=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa%s%s%s%s
    Unrecognized command: ¼·>
    >
    > mailhost
    Server:  xxx.xxx.xxx.com
    Address:  XXX.XXX.XXX.XXX
    
    C:\>
    --[snip]--
    
    Btw: don't like the sound of the "Unrecognized command" error either :-) 
    
    
    Anyone?
    
    
    Regards,
    Filip
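
Added example, not part of the original post and not nslookup's code: a console handler for a "set q=" line that survives the kind of input shown above (an overlong value followed by format specifiers). The post does not state the root cause, so handle_line, QTYPE_MAX and the message texts are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define QTYPE_MAX 16  /* assumed limit on a query-type token */

enum cmd_status { CMD_OK, CMD_TOO_LONG, CMD_UNKNOWN };

/* Handle one console line. For "set q=<type>" the type is copied into
 * out (outsz >= 1); msg receives the text to show the user. */
enum cmd_status handle_line(const char *line, char *out, size_t outsz,
                            char *msg, size_t msgsz)
{
    static const char prefix[] = "set q=";
    const size_t plen = sizeof prefix - 1;
    const char *val;
    size_t vlen;

    out[0] = '\0';
    if (strncmp(line, prefix, plen) != 0) {
        /* User input is an argument to "%.32s", never the format itself. */
        snprintf(msg, msgsz, "Unrecognized command: %.32s", line);
        return CMD_UNKNOWN;
    }
    val = line + plen;
    vlen = strcspn(val, "\r\n");          /* length without line ending */
    if (vlen > QTYPE_MAX || vlen >= outsz) {
        /* Reject instead of truncating or copying past the buffer. */
        snprintf(msg, msgsz, "Query type too long: %zu bytes", vlen);
        return CMD_TOO_LONG;
    }
    memcpy(out, val, vlen);
    out[vlen] = '\0';
    snprintf(msg, msgsz, "querytype = %s", out);
    return CMD_OK;
}

int main(void)
{
    char out[32], msg[128], line[512];

    /* Constructed input: "set q=" + 350 'a' + "%s%s%s%s". */
    memset(line, 'a', 356);
    memcpy(line, "set q=", 6);
    strcpy(line + 356, "%s%s%s%s");
    printf("%d %s\n", handle_line(line, out, sizeof out, msg, sizeof msg), msg);
    printf("%d %s\n", handle_line("set q=MX", out, sizeof out, msg, sizeof msg), msg);
    return 0;
}
```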
    


