[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: buffer overflow in nslookup?
From:       Uwe Ohse <uwe () CSL-GMBH ! NET>
Date:       1998-08-31 13:08:43
[Download RAW message or body]

> If your nslookup's main.c includes:
>
>     sscanf(string, " %s", host);        /* removes white space */

you can find the same in dig.c, and a patch for dig, removing that and
some other problems, at http://www.nrw.net/uwe/dig-8.1.2.patch

Needless to say i told bind-bugs@isc.org more then two months ago about
the problems in nslookup and dig, and never got a reply.

Regards, Uwe

[prev in list] [next in list] [prev in thread] [next in thread]