Re: Problems with NSLOOKUP
From: K. K. Mookhey (cto@NII.CO.IN)
Date: Wed, 9 Apr 2003 10:42:16 +0530 From: "K. K. Mookhey" <cto@NII.CO.IN> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
This is old news and was posted to the Bugraq mailing list a few weeks ago.
In fact, Win2K SP3 has quite a few other local buffer overflows like this one, and we have informed MS about these. They will be rectified in Win2K SP4 and WinXP SP2.
K. K. Mookhey
Network Intelligence India Pvt. Ltd.
Security Auditing Handbooks
Let me just respond to the NSLOOKUP issue described in the post by Anony Mous. I have tested the example provided and have found that it does, indeed, crash NSLOOKUP on W2K SP3 as described. If you tested this and didn't think it produced such an error, look in your Application Event Log for an associated Dr. Watson message. You'll also notice that you drop to the command prompt after entering the 276 "a"s (this is not meant to suggest an exact number, but it was the number provided and the number I tested with).
Have you discovered a security vulnerability related to Windows or a
commercial product which runs on Windows?
Need assistance crafting the format or translating your advisory to English?
Need to verify it, or having problems contacting the Vendor?