BugTraq
PFinger 0.7.8 format string vulnerability (#NISR16122002B) Dec 16 2002 07:55PM
NGSSoftware Insight Security Research (nisr nextgenss com) (2 replies)
Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Dec 26 2002 10:07PM
Andreas Tscharner (starfire dplanet ch)
RE: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Dec 16 2002 08:39PM
Stefan Esser (s esser e-matters de) (2 replies)
Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Dec 17 2002 04:56AM
Valdis Kletnieks vt edu (1 replies)
Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Dec 17 2002 06:37AM
Stefan Esser (s esser e-matters de) (2 replies)
Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Dec 18 2002 02:16PM
Andreas Borchert (bugtraq andreas-borchert de)
Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Dec 17 2002 05:44PM
der Mouse (mouse Rodents Montreal QC CA)
>> *ON THE WIRE*, all 256 byte codes are legal, since [...]

> Yes noone said it is not, but fact is, the libc resolvers simply do
> not allow them, so you can send through the wire whatever you want it
> will not find its way to the fingerd.

This does not match my experience.

I control rDNS for my house network (my provider has installed CNAMEs
pointing into my domain for my address space); I tried picking a
currently-unused address and giving it a PTR record pointing to
"Host-%-sign.Rodents.Montreal.QC.CA". I then told my nameserver to
reload the zone.

Using "host" on the address then printed the name I'd given,
Host-%-sign.Rodents.Montreal.QC.CA. The resolver never even blinked.
(If you want to try your own resolver on it, I've left it up; the
address is 216.46.5.13. I expect I'll be able to leave it up for at
least a month or so, but of course can't actually commit to that.)

/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse (at) rodents.montreal.qc (dot) ca [email concealed]
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B

[ reply ]
Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Dec 16 2002 09:49PM
der Mouse (mouse Rodents Montreal QC CA)


 

Privacy Statement
Copyright 2010, SecurityFocus