| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Feb 2009 17:36:46 +0200
From: srl <security.research.labs@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Buffer Overflow in dnsmap 0.22 - DNS Network
Mapper by pagvac (gnucitizen.org)
Security Advisory:
PRODUCT
************
http://www.gnucitizen.org/blog/new-version-of-dnsmap-out/
http://www.gnucitizen.org/static/blog/2009/02/dnsmap-022.tar
This this is a great tool, used by the two pentesters, pagvac and pdp
TECHNICAL DESCRIPTION
********************************
A local buffer overflow exist in dnsmap 0.22.
$ dnsmap -r `perl -e 'print "A"x250'`
dnsmap 0.22 - DNS Network Mapper by pagvac (gnucitizen.org)
Segmentation fault
SOLUTION
*************
Wait until pagvac will learn about strncpy().
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists