Re: NSLOOKUP.EXE

From: Filip Maertens <fmt(at)ascure.com>
Date: Fri Mar 21 2003 - 04:39:49 EST


> Hi List,

Identified the same behaviour on a SuSE box one year ago while teaching a UNIX hacking class (meanwhile corrected in SuSE-SA-2002-026-bind). Further, a quick Google search gives us an "old story" on this topic (postings dating back to 1998 on nslookup overflows). However, overflowing by command-line doesn't seem to be working for me (win2k server gives me an "Input line too long" error); one has to enter the payload in the console of the nslookup utility. Having a quick look at it, the problem seems to be everywhere while -handling- user supplied data. Have a look at nslookup bumming out on me when supplying an overly long "set q=" statement.

--[snip]--
> set q=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa%s%s%s%s

Unrecognized command: ¼·>
>
> mailhost

Server: xxx.xxx.xxx.com
Address: XXX.XXX.XXX.XXX

C:\>
--[snip]--

Btw: don't like the sound of the "Unrecognized command" error either :-)

Anyone?

Regards,
Filip

Received on Fri Mar 21 14:13:14 2003
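
Added example, not part of the original post and not nslookup's own code: a defensive sketch of how an interactive console can handle a "set q=" line and an unknown command so that over-long or format-laden input is treated purely as data. The function names, the 15-character limit and the type list are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_TYPE 15 /* assumed upper bound for a query-type token */
enum cmd_result { CMD_OK, CMD_TOO_LONG, CMD_BAD_TYPE, CMD_UNRECOGNIZED };
static const char *const known_types[] = { "A", "ANY", "CNAME", "MX", "NS", "PTR", "SOA", "TXT" };

/* Parse one console line; on CMD_OK, out holds the upper-cased query type. */
enum cmd_result parse_set_q(const char *line, char out[MAX_TYPE + 1])
{
    static const char prefix[] = "set q=";
    size_t plen = sizeof prefix - 1;
    if (strncmp(line, prefix, plen) != 0)
        return CMD_UNRECOGNIZED;
    const char *val = line + plen;
    size_t n = strcspn(val, "\r\n");
    if (n > MAX_TYPE)               /* measure first; reject, never copy */
        return CMD_TOO_LONG;
    for (size_t i = 0; i < n; i++)
        out[i] = (char)toupper((unsigned char)val[i]);
    out[n] = '\0';
    for (size_t i = 0; i < sizeof known_types / sizeof known_types[0]; i++)
        if (strcmp(out, known_types[i]) == 0)
            return CMD_OK;          /* allow-list match */
    return CMD_BAD_TYPE;
}

/* Build the error echo: fixed format string, bounded copy, non-printables
 * replaced by '?'. Returns the message length (0 if dst is too small). */
size_t format_unrecognized(const char *line, char *dst, size_t dstsz)
{
    if (dstsz < 32) return 0;       /* need room for the fixed prefix */
    size_t used = (size_t)snprintf(dst, dstsz, "Unrecognized command: ");
    for (; *line && *line != '\n' && used + 1 < dstsz; line++)
        dst[used++] = isprint((unsigned char)*line) ? *line : '?';
    dst[used] = '\0';
    return used;
}

int main(void)
{
    char type[MAX_TYPE + 1], msg[64];
    const char *sample = "set q=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa%s%s%s%s"; /* constructed input */
    if (parse_set_q(sample, type) == CMD_TOO_LONG)
        puts("set q= value too long, ignored");
    format_unrecognized("%s%n\x01", msg, sizeof msg);   /* constructed input */
    puts(msg);
    return 0;
}
```
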

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:38 EDT