[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Buffer Overflow in dnsmap 0.22 - DNS Network Mapper by pagvac (gnucitizen.org)
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Buffer Overflow in dnsmap 0.22 - DNS Network Mapper by pagvac (gnucitizen.org)
- From: Jason Starks <jstarks440@xxxxxxxxx>
- Date: Wed, 25 Feb 2009 11:10:57 -0500
I'm going to say dnsmap isn't suid or sguid, and a segmentation fault can
occur after triggering a simple programming error (you've shown no signs of
code execution). Terrrrrrrific.
On Wed, Feb 25, 2009 at 10:36 AM, srl <security.research.labs@xxxxxxxxx>wrote:
> Security Advisory:
>
> PRODUCT
> ************
> http://www.gnucitizen.org/blog/new-version-of-dnsmap-out/
> http://www.gnucitizen.org/static/blog/2009/02/dnsmap-022.tar
>
> This this is a great tool, used by the two pentesters, pagvac and pdp
>
> TECHNICAL DESCRIPTION
> ********************************
> A local buffer overflow exist in dnsmap 0.22.
> $ dnsmap -r `perl -e 'print "A"x250'`
> dnsmap 0.22 - DNS Network Mapper by pagvac (gnucitizen.org)
>
> Segmentation fault
>
> SOLUTION
> *************
> Wait until pagvac will learn about strncpy().
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/