Full Disclosure: Re : Buffer Overflow in dnsmap 0.22 - DNS Network Mapper by pagvac (gnucitizen.org)

[Pete Licoln <pete.licoln () gmail com>]

Wow this sound serious ...



2009/2/25, Jason Starks <jstarks440 () gmail com>:
> I'm going to say dnsmap isn't suid or sguid, and a segmentation fault can
> occur after triggering a simple programming error (you've shown no signs of
> code execution). Terrrrrrrific.
>
> On Wed, Feb 25, 2009 at 10:36 AM, srl
> <security.research.labs () gmail com>wrote:
>
> > Security Advisory:
> >
> > PRODUCT
> > ************
> > http://www.gnucitizen.org/blog/new-version-of-dnsmap-out/
> > http://www.gnucitizen.org/static/blog/2009/02/dnsmap-022.tar
> >
> > This this is a great tool, used by the two pentesters, pagvac and pdp
> >
> > TECHNICAL DESCRIPTION
> > ********************************
> > A local buffer overflow exist in dnsmap 0.22.
> > $ dnsmap -r `perl -e 'print "A"x250'`
> > dnsmap 0.22 - DNS Network Mapper by pagvac (gnucitizen.org)
> >
> > Segmentation fault
> >
> > SOLUTION
> > *************
> > Wait until pagvac will learn about strncpy().
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/