Vuln Dev
NSLOOKUP.EXE Mar 20 2003 12:45AM
Patrick Webster (webster_p DeMorgan com au) (2 replies)
Re: NSLOOKUP.EXE Mar 22 2003 05:40AM
K. K. Mookhey (cto nii co in) (2 replies)
Re: NSLOOKUP.EXE Mar 24 2003 12:32PM
Marcos D. Marado Torres (marado student dei uc pt)
RE: NSLOOKUP.EXE Mar 23 2003 09:41PM
Brett Moore (brett softwarecreations co nz)
Re: NSLOOKUP.EXE Mar 20 2003 09:06PM
Blue Boar (BlueBoar thievco com) (2 replies)
Patrick Webster wrote:
> Can you do anything interesting with this?:
>
> C:\>nslookup
> Default Server: dns.server.net
> Address: 111.222.333.444
>
>
>>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAA
>
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>
> Gives error: memory can't be "read" - 0x414141 (aka A).

If you have to manually type all the A's, then probably not. Maybe if
someone did something silly like make a CGI script that calls nslookup.exe
directly with user input.

What OS are you testing on? It looks like it's fixed in XP:

C:\winxp\system32>nslookup
Default Server: dns1.snfcca.sbcglobal.net
Address: 206.13.28.12

>
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
*** Input is too long
>

BB

[ reply ]
Re: NSLOOKUP.EXE Mar 21 2003 05:04PM
Ryan Yagatich (ryany pantek com)
RE: NSLOOKUP.EXE Mar 20 2003 11:56PM
Brett Moore (brett softwarecreations co nz)


 

Privacy Statement
Copyright 2010, SecurityFocus