Re: [Full-disclosure] Buffer Overflow in dnsmap 0.22 - DNS Network Mapper by pagvac (gnucitizen.org)



Dear Jason Starks,

It can be exploited remotely via XSS with the attack vectors API and framework
made by PDP; btw, great work PDP and gnucitizen.org security team, keep up
the good work. I am now trying to attach gdb to JavaScript to do remote
exploitation of dnsmap.



On Wed, Feb 25, 2009 at 6:10 PM, Jason Starks <jstarks440@xxxxxxxxx> wrote:

I'm going to say dnsmap isn't suid or sgid, and a segmentation fault can
occur after triggering a simple programming error (you've shown no signs of
code execution). Terrrrrrrific.

On Wed, Feb 25, 2009 at 10:36 AM, srl <security.research.labs@xxxxxxxxx> wrote:

Security Advisory:

PRODUCT
************
http://www.gnucitizen.org/blog/new-version-of-dnsmap-out/
http://www.gnucitizen.org/static/blog/2009/02/dnsmap-022.tar

This is a great tool, used by the two pentesters, pagvac and pdp.

TECHNICAL DESCRIPTION
********************************
A local buffer overflow exists in dnsmap 0.22.
$ dnsmap -r `perl -e 'print "A"x250'`
dnsmap 0.22 - DNS Network Mapper by pagvac (gnucitizen.org)

Segmentation fault

SOLUTION
*************
Wait until pagvac learns about strncpy().

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



