Problems with NSLOOKUP

• Previous message: X-MaD: "Re: Seti@home information leakage and remote compromise"
• Next in thread: K. K. Mookhey: "Re: Problems with NSLOOKUP"
• Reply: K. K. Mookhey: "Re: Problems with NSLOOKUP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Tue, 8 Apr 2003 12:05:57 -0400
From: Russ <Russ.Cooper@RC.ON.CA>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Let me just respond to the NSLOOKUP issue described in the post by Anony Mous. I have tested the example provided and have found that it does, indeed, crash NSLOOKUP on W2K SP3 as described. If you tested this and didn't think it produced such an error, look in your Application Event Log for an associated Dr. Watson message. You'll also notice that you drop to the command prompt after entering the 276 "a"s (this is not meant to suggest an exact number, but it was the number provided and the number I tested with).

The input is handled well by NSLOOKUP on XP, however, generating an "Input too long" error and staying within NSLOOKUP.

James D. Stallard also indicated that v5.1.2600.0 NSLOOKUP (from XP SP1) has some interesting "features";
-----
I tested Erics NSLookup overflow on WinXP
Windows XP SP1: Version 5.1 (Build 2600.xpsp1.0202828-1920 : Service Pack 1)
NSLookup.EXE: 5.1.2600.0 (xpclient.010817-1148)

Entering Erics exact string I got "*** Input is too long" without the quotes.

Working upwards in string length (still using "a") I get "non-existent domain" for a string length of up to 63, however 64 returns "Unspecified error" up to 255 characters. At 256 to 1021 I get "Input is too long".

At 1022 and 1023 I get nothing and when I hit enter again I get the NSLookup prompt, expecting input.

At 1024 I get a return as if I had searched for only the last digit in the string and from then on any characters prior to the 1025th are ignored.

At 4096 I get a return as if I had searched for only the last 2 digits in the string and from then on the input buffer is full and accepts no more.

Anyone got any explanations for this rather inconsistent behaviour, albeit I was unable to get anything to break?

----
Cheers,
Russ - NTBugtraq Editor
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by Prometric - More than testing, learning.
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
http://www.prometric.com
Prometric, part of The Thomson Corporation, is the leader in
technology-enabled testing and assessment services for information
technology certification, academic admissions, professional licensure and
certifications, computer-based driver's licensing, and corporate testing.
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

• Previous message: X-MaD: "Re: Seti@home information leakage and remote compromise"
• Next in thread: K. K. Mookhey: "Re: Problems with NSLOOKUP"
• Reply: K. K. Mookhey: "Re: Problems with NSLOOKUP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Alert: Problems with MS03-007 installed ... Prometric, part of The Thomson Corporation, is the leader in ... technology-enabled testing and assessment services for information ... (NT-Bugtraq) Alert: Problems with MS03-007 installed ... Prometric, part of The Thomson Corporation, is the leader in ... technology-enabled testing and assessment services for information ... (NT-Bugtraq) Re: Seti@home information leakage and remote compromise ... Prometric, part of The Thomson Corporation, is the leader in ... technology-enabled testing and assessment services for information ... (NT-Bugtraq) Re: Problems with MS03-007 and Cold Fusion MX ... Prometric, part of The Thomson Corporation, is the leader in ... technology-enabled testing and assessment services for information ... (NT-Bugtraq) NTDLL Attack FAQ ... It includes links to articles on how to disable WebDAV and answers some ... technology-enabled testing and assessment services for information ... (NT-Bugtraq)