Date: Sun, 27 Apr 1997 19:10:33 -0600
From: Warner Losh <imp@village.org>
To: The Code Warrior <jbowie@bsdnet.org>
Cc: Dmitry Valdov <dv@kis.ru>, freebsd-security@freebsd.org
Subject: Re: SNI-12: BIND Vulnerabilities and Solutions (fwd)
Message-ID: <E0wLexe-0006zz-00@rover.village.org>
In-Reply-To: Your message of "Wed, 23 Apr 1997 10:15:30 -0000." <Pine.BSF.3.96.970423100818.1014A-100000@utopia.nh.ultranet.com>
References: <Pine.BSF.3.96.970423100818.1014A-100000@utopia.nh.ultranet.com>

In message <Pine.BSF.3.96.970423100818.1014A-100000@utopia.nh.ultranet.com> The Code Warrior writes:
: I haven't checked the gethostby* libs, so I'm not sure if the
: resolver does internal bounds checking, rather than just letting you overflow
: the stack with a spoofed DNS name.

I have. There are some, but not a lot. I've been trying to plug them
as I find them. Most of them have long ago been plugged.

And the name doesn't need to be spoofed either. You just need control
over the in-addr.arpa domain for the IP numbers that you claim to be
coming from for this attack to work.

Warner
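
The bounds checking discussed in this message, sketched as an added example (not code from the message or from the FreeBSD resolver): a caller-side check that treats the name from a reverse lookup as untrusted input before it reaches a fixed-size buffer. The helper name `copy_ptr_name`, the 256-byte buffer and the sample name are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define LABEL_MAX 63   /* RFC 1035 limit on one label */

/* Hypothetical helper: copy a name returned by a reverse (PTR) lookup into
 * dst only if it fits and is a plain letters-digits-hyphen hostname.
 * Returns 0 on success; on rejection returns -1 and leaves dst empty. */
int copy_ptr_name(char *dst, size_t dstlen, const char *name)
{
    size_t i, label = 0;

    if (dst == NULL || dstlen == 0)
        return -1;
    if (name == NULL)
        goto reject;
    for (i = 0; name[i] != '\0'; i++) {
        unsigned char c = (unsigned char)name[i];

        if (i + 1 >= dstlen)            /* no room for this byte plus NUL */
            goto reject;
        if (c == '.') {
            if (label == 0)             /* leading dot or ".." */
                goto reject;
            label = 0;
        } else if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                   (c >= '0' && c <= '9') || (c == '-' && label > 0)) {
            if (++label > LABEL_MAX)
                goto reject;
        } else {
            goto reject;                /* anything else: not a hostname */
        }
        dst[i] = (char)c;
    }
    if (label == 0)                     /* empty name or trailing dot */
        goto reject;
    dst[i] = '\0';
    return 0;
reject:
    dst[0] = '\0';
    return -1;
}

int main(void)
{
    char host[256];                     /* fixed-size buffer (assumed size) */
    const char *answer = "host.example.org";  /* constructed sample name */

    if (copy_ptr_name(host, sizeof host, answer) == 0)
        printf("accepted: %s\n", host);
    return 0;
}
```

The check only bounds and sanitizes the name; since whoever controls the in-addr.arpa zone chooses that name, a caller that uses it for access decisions would also confirm it with a forward lookup back to the same address.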