Full Disclosure
mailing list archives
Re: Buffer Overflow in dnsmap 0.22 - DNS Network Mapper by pagvac (gnucitizen.org)
From: Jason Starks <jstarks440 () gmail com>
Date: Wed, 25 Feb 2009 11:33:02 -0500
Sweet. If that is true, you should get to work on an actual exploit right
away. We wouldn't want the immortal ./ segmentation fault doesn't affect
your stature on this list.
On Wed, Feb 25, 2009 at 11:24 AM, srl <security.research.labs () gmail com> wrote:
Dear Jason Starks,
It can be exploited remote via XXS it the attack vectors API's and
framework made by PDP, btw great work PDP and gnucitizen.org security
team, keep up the good work. I now try to attach gdb to javascript to do
remote exploitation of dnsmap
On Wed, Feb 25, 2009 at 6:10 PM, Jason Starks <jstarks440 () gmail com> wrote:
I'm going to say dnsmap isn't suid or sguid, and a segmentation fault can
occur after triggering a simple programming error (you've shown no signs of
code execution). Terrrrrrrific.
On Wed, Feb 25, 2009 at 10:36 AM, srl <security.research.labs () gmail com> wrote:
Security Advisory:
PRODUCT
************
http://www.gnucitizen.org/blog/new-version-of-dnsmap-out/
http://www.gnucitizen.org/static/blog/2009/02/dnsmap-022.tar
This is a great tool, used by the two pentesters, pagvac and pdp
TECHNICAL DESCRIPTION
********************************
A local buffer overflow exists in dnsmap 0.22.
$ dnsmap -r `perl -e 'print "A"x250'`
dnsmap 0.22 - DNS Network Mapper by pagvac (gnucitizen.org)
Segmentation fault
SOLUTION
*************
Wait until pagvac will learn about strncpy().
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
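
The advisory's SOLUTION names strncpy(). As an added example (not dnsmap's code and not written by anyone in this thread), the C below copies a command-line option value into a fixed buffer two ways: with strncpy() alone, which stops the overflow but leaves the buffer unterminated on over-long input, and with a length check that rejects the input. The buffer size of 100 and both function names are assumptions; the thread does not show the real buffer.

```c
#include <stdio.h>
#include <string.h>

#define OPT_BUF_SIZE 100  /* assumed size; the real one is not in the thread */

/* strncpy() alone: no write past dst, but no NUL terminator either when
 * src has size or more characters, so a later strlen() or "%s" over-reads.
 * Returns 1 if dst ended up NUL-terminated, 0 if it did not. */
int copy_strncpy_only(char *dst, size_t size, const char *src)
{
    memset(dst, 'X', size);              /* stand-in for stale stack bytes */
    strncpy(dst, src, size);
    return memchr(dst, '\0', size) != NULL;
}

/* Hardened copy: refuse anything that does not fit, terminator included.
 * Returns 0 on success, -1 on bad arguments or over-long input. */
int copy_option_value(char *dst, size_t size, const char *src)
{
    const char *end;

    if (dst == NULL || src == NULL || size == 0)
        return -1;
    end = memchr(src, '\0', size);       /* look at no more than size bytes */
    if (end == NULL) {                   /* no terminator in range: too long */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

int main(void)
{
    char buf[OPT_BUF_SIZE];
    char arg[251];

    /* Constructed input: 250 'A' characters, the length used in the advisory */
    memset(arg, 'A', 250);
    arg[250] = '\0';

    printf("strncpy only, terminated: %d\n",
           copy_strncpy_only(buf, sizeof buf, arg));
    if (copy_option_value(buf, sizeof buf, arg) != 0)
        fprintf(stderr, "error: option value longer than %d bytes\n",
                OPT_BUF_SIZE - 1);
    return 0;
}
```

Rejecting the argument with an error, rather than silently truncating it, keeps the tool from acting on a value the user did not supply.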