[prev in list] [next in list] [prev in thread] [next in thread] 

List:       patchmanagement
Subject:    Possible 0 day in nslookup
From:       "Ziots, Edward" <EZiots () Lifespan ! org>
Date:       2008-08-19 9:18:31
Message-ID: CBD73348AD43344DAE3736A72831CDC9020CD469 () LSCOEXCH1 ! lsmaster ! lifespan ! org
[Download RAW message or body]

All, 

Two readers pointed us to a SecurityFocus item concerning Microsoft's nslookup.exe.  \
Details are at:

http://www.securityfocus.com/bid/30636/

A video showing a crash analysis of nslookup.exe is at

http://www.nullcode.com.ar/ncs/crash/nsloo.htm

If anybody has experienced an nslookup.exe crash or knows more about this \
                vulnerability please let us know via our contact page.
UPDATE: CVE-2008-3648 has been assigned to this issue. 
Commentary: As of Sunday (17-AUG-2008) the CVSS Base score for CVE-2008-3648 was 9.3. \
I think this is a little high, and once more people look at the issue on Monday this \
will be reduced.  We have yet to determine if this actually can be leveraged to \
execute code, and it is unclear if the only exploit scenario is to use nslookup from \
the command line, or if simply visiting a website linking to a malicious domain is \
enough. (-KL)


Not Fun J
Z

Edward E. Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP,Security+,Network+,CCA
Phone: 401-639-3505

---
When posting or replying to messages on this list, please send all
emails in plain text format.  HTML formatted messages will not be accepted.

PatchManagement.org is hosted by Shavlik Technologies

To unsubscribe send a blank email to leave-patchmanagement@patchmanagement.org
If you are unable to unsubscribe via this email address, please email
owner-patchmanagement@patchmanagement.org


[prev in list] [next in list] [prev in thread] [next in thread]