|
Vulnerability Development
mailing list archives
Re: Bug, possible hole in nslookup, various operating systems
From: Damian Menscher <menscher () uiuc edu>
Date: Sat, 16 Dec 2000 22:54:19 -0600
On Fri, 15 Dec 2000, Gunnar Wolf wrote:
I found a strange behavior in the nslookup command, and was able to
reproduce it in several different platforms. I do not have deep knowledge
of the inner working of nslookup, but the message I got seemed a bit
suspicious, and I decided to report it before someone can find a way to
exploit it.
nslookup has 755 permissions on all machines I've seen, so I'm not sure
what the danger is.... You thinking of something in the kernel?
What I am doing is very simple - too simple, maybe. I run nslookup in
interactive mode, and send ^C while it is waiting for my text.
Just to add a new platform:
IRIX 6.5.6m is not vulnerable
Damian Menscher
--
--==## Grad. student & Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## <menscher () uiuc edu> www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--
 By Date 
By Thread
Current thread:
|
Intro
