| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Feb 2009 11:24:00 -0500 From: Pete Licoln <pete.licoln@...il.com> To: Jason Starks <jstarks440@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re : Buffer Overflow in dnsmap 0.22 - DNS Network Mapper by pagvac (gnucitizen.org) Wow this sound serious ... 2009/2/25, Jason Starks <jstarks440@...il.com>: > I'm going to say dnsmap isn't suid or sguid, and a segmentation fault can > occur after triggering a simple programming error (you've shown no signs of > code execution). Terrrrrrrific. > > On Wed, Feb 25, 2009 at 10:36 AM, srl > <security.research.labs@...il.com>wrote: > >> Security Advisory: >> >> PRODUCT >> ************ >> http://www.gnucitizen.org/blog/new-version-of-dnsmap-out/ >> http://www.gnucitizen.org/static/blog/2009/02/dnsmap-022.tar >> >> This this is a great tool, used by the two pentesters, pagvac and pdp >> >> TECHNICAL DESCRIPTION >> ******************************** >> A local buffer overflow exist in dnsmap 0.22. >> $ dnsmap -r `perl -e 'print "A"x250'` >> dnsmap 0.22 - DNS Network Mapper by pagvac (gnucitizen.org) >> >> Segmentation fault >> >> SOLUTION >> ************* >> Wait until pagvac will learn about strncpy(). >> >> >> >> >> >> >> >> >> >> >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists