
List:       vuln-dev
Subject:    Re: traceroute-4.4BSD (slack) heap overflow
From:       Cristi Dumitrescu <cristid () CHIP ! RO>
Date:       2001-01-09 23:57:58

I think I forgot to mention I got the source code for this from the
slackware ftp site, from the slack4.0 dir structure. Can't remember the
exact location and filename, but it should still be there if you search for
it :)

----- Original Message -----
From: "Olaf Kirch" <okir@caldera.de>
To: "Cristi Dumitrescu" <cristid@CHIP.RO>
Cc: <VULN-DEV@SECURITYFOCUS.COM>
Sent: Monday, January 08, 2001 2:54 AM
Subject: Re: traceroute-4.4BSD (slack) heap overflow


> On Thu, Jan 04, 2001 at 06:08:03PM -0800, Cristi Dumitrescu wrote:
> > A while ago I was studying the source code for this traceroute... I found
> > this in the inetname function:
>
> This is old old old old old. We patched this hole something like
> two or three years ago, and I'd be very surprised if this was
> still in recent traceroute code on Slackware.
>
> Addressing some of the FUD that has been posted in response to this
> query:
>
>  a. DNS queries are not limited to UDP datagrams. A malicious
> DNS server can force a client to fall back to DNS over TCP
>
>  b. The _protocol_ limits DNS host names to 255 characters, but
> resolver implementations may or may not enforce that limit.
> Older Linux libc5 didn't (it would grok up to 1300-odd bytes
> in PTR records), recent glibc does but may blow up the name to
> up to 1020 bytes by printing non-ASCII characters as \xxx.
>
>  c. The RESOLV_HOST_CONF variable is *not* used to specify
> a replacement for /etc/hosts, but for /etc/host.conf, which
> configures the resolver. Apart from that, it's been quite a
> while since the resolver library honored this variable in
> setuid programs.
>
> Olaf
> --
> Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
> okir@monad.swb.de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
> okir@caldera.de    +-------------------- Why Not?! -----------------------
>          UNIX, n.: Spanish manufacturer of fire extinguishers.
>
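
Added example, not part of the original messages and not code from traceroute or any libc: a bounded version of the name handling that point (b) calls for, showing a 255-byte name growing to 1020 characters once non-ASCII bytes are escaped and being truncated safely into a fixed buffer. The function names, the 256-byte buffer and the decimal \ddd escape form are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Render raw name bytes as point (b) describes: printable ASCII is kept,
 * every other byte becomes a four-character \ddd escape (decimal digits
 * are an assumption). Returns the length the full result needs, like
 * snprintf; writes at most outlen bytes and always NUL-terminates. */
size_t escape_name(const unsigned char *in, size_t inlen,
                   char *out, size_t outlen)
{
    size_t need = 0, used = 0;
    for (size_t i = 0; i < inlen; i++) {
        char tmp[5];
        size_t n = 1;
        if (in[i] > 0x20 && in[i] < 0x7f && in[i] != '\\') {
            tmp[0] = (char)in[i];
        } else {
            snprintf(tmp, sizeof tmp, "\\%03u", (unsigned)in[i]);
            n = 4;
        }
        /* Copy only whole units, and stop copying after the first miss. */
        if (need == used && used + n < outlen) {
            memcpy(out + used, tmp, n);
            used += n;
        }
        need += n;
    }
    if (outlen > 0)
        out[used] = '\0';
    return need;
}

/* Hypothetical caller: 0 if the name fit in dst, -1 if it was truncated. */
int store_name(char *dst, size_t dstlen,
               const unsigned char *raw, size_t rawlen)
{
    return escape_name(raw, rawlen, dst, dstlen) < dstlen ? 0 : -1;
}

int main(void)
{
    unsigned char raw[255];          /* constructed worst-case input */
    char small[256];                 /* hypothetical fixed buffer */
    memset(raw, 0xE9, sizeof raw);
    size_t need = escape_name(raw, sizeof raw, NULL, 0);
    int rc = store_name(small, sizeof small, raw, sizeof raw);
    printf("need=%zu rc=%d stored=%zu\n", need, rc, strlen(small));
    return 0;
}
```
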
