Re: Problems with NSLOOKUP

From: K. K. Mookhey (cto@NII.CO.IN)
Date: 04/09/03

  • Next message: Russ: "Alert: Microsoft Security Bulletin - MS03-011" 
    Date:         Wed, 9 Apr 2003 10:42:16 +0530
From: "K. K. Mookhey" <cto@NII.CO.IN>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Hi All,
    This is old news and was posted to the Bugraq mailing list a few weeks ago.
    http://www.securityfocus.com/archive/82/315781
    In fact, Win2K SP3 has quite a few other local buffer overflows like this one, and we have informed MS about these. They will be rectified in Win2K SP4 and WinXP SP2.
    Cheers,
    K. K. Mookhey
    CTO,
    Network Intelligence India Pvt. Ltd.
    Web: www.nii.co.in
    =================================
    Security Auditing Handbooks
    http://www.nii.co.in/research/handbook.html
    =================================

    ----- Original Message -----
    From: "Russ" <Russ.Cooper@RC.ON.CA>
    To: <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>
    Sent: Tuesday, April 08, 2003 9:35 PM
    Subject: Problems with NSLOOKUP

    Let me just respond to the NSLOOKUP issue described in the post by Anony Mous. I have tested the example provided and have found that it does, indeed, crash NSLOOKUP on W2K SP3 as described. If you tested this and didn't think it produced such an error, look in your Application Event Log for an associated Dr. Watson message. You'll also notice that you drop to the command prompt after entering the 276 "a"s (this is not meant to suggest an exact number, but it was the number provided and the number I tested with).
    ...

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Have you discovered a security vulnerability related to Windows or a
    commercial product which runs on Windows?

    Need assistance crafting the format or translating your advisory to English?

    Need to verify it, or having problems contacting the Vendor?

    Contact mailto:Advisories@NTBugtraq.com

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

  • Next message: Russ: "Alert: Microsoft Security Bulletin - MS03-011"