From: K. K. Mookhey (ctoNII.CO.IN)
Date: Wed Apr 09 2003 - 00:12:16 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi All,
This is old news and was posted to the Bugraq mailing list a few weeks ago.
http://www.securityfocus.com/archive/82/315781
In fact, Win2K SP3 has quite a few other local buffer overflows like this one, and we have informed MS about these. They will be rectified in Win2K SP4 and WinXP SP2.
Cheers,
K. K. Mookhey
CTO,
Network Intelligence India Pvt. Ltd.
Web: www.nii.co.in
=================================
Security Auditing Handbooks
http://www.nii.co.in/research/handbook.html
=================================

----- Original Message -----
From: "Russ" <Russ.CooperRC.ON.CA>
To: <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>
Sent: Tuesday, April 08, 2003 9:35 PM
Subject: Problems with NSLOOKUP

Let me just respond to the NSLOOKUP issue described in the post by Anony Mous. I have tested the example provided and have found that it does, indeed, crash NSLOOKUP on W2K SP3 as described. If you tested this and didn't think it produced such an error, look in your Application Event Log for an associated Dr. Watson message. You'll also notice that you drop to the command prompt after entering the 276 "a"s (this is not meant to suggest an exact number, but it was the number provided and the number I tested with).
...

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Have you discovered a security vulnerability related to Windows or a
commercial product which runs on Windows?

Need assistance crafting the format or translating your advisory to English?

Need to verify it, or having problems contacting the Vendor?

Contact mailto:AdvisoriesNTBugtraq.com

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]