Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_3

Bugtraq archives for 3rd quarter (Jul-Sep) 1998: Re: buffer overflow in nslookup?

Re: buffer overflow in nslookup?

Uwe Ohse (uweCSL-GMBH.NET)
Mon, 31 Aug 1998 15:08:43 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Yaron Yanay: "Hole in Oracle Server/Developer 2000 - authentication protocol."
Previous message: Andy Church: "Re: Security Hole in Axent ESM"
In reply to: Benjamin J Stassart: "Re: buffer overflow in nslookup?"
Next in thread: Willy TARREAU: "Re: buffer overflow in nslookup?"

> If your nslookup's main.c includes:
>
>     sscanf(string, " %s", host);        /* removes white space */

you can find the same in dig.c, and a patch for dig, removing that and
some other problems, at http://www.nrw.net/uwe/dig-8.1.2.patch

Needless to say i told bind-bugsisc.org more then two months ago about
the problems in nslookup and dig, and never got a reply.

Regards, Uwe

Next message: Yaron Yanay: "Hole in Oracle Server/Developer 2000 - authentication protocol."
Previous message: Andy Church: "Re: Security Hole in Axent ESM"
In reply to: Benjamin J Stassart: "Re: buffer overflow in nslookup?"
Next in thread: Willy TARREAU: "Re: buffer overflow in nslookup?"