Sweet. If that is true, you should get to work on an actual exploit right away. We wouldn't want the immortal ./ segmentation fault to affect your stature on this list.
On Wed, Feb 25, 2009 at 11:24 AM, srl <security.research.l...@gmail.com> wrote:

> Dear Jason Starks,
>
> It can be exploited remote via XXS it the attack vectors API's and
> framework made by PDP, btw great work PDP and gnucitizen.org security
> team, keep up the good work. I now try to attach gdb to javascript to do
> remove exploitation of dnsmap
>
> On Wed, Feb 25, 2009 at 6:10 PM, Jason Starks <jstarks...@gmail.com> wrote:
>
>> I'm going to say dnsmap isn't suid or sguid, and a segmentation fault can
>> occur after triggering a simple programming error (you've shown no signs of
>> code execution). Terrrrrrrific.
>>
>> On Wed, Feb 25, 2009 at 10:36 AM, srl <security.research.l...@gmail.com> wrote:
>>
>>> Security Advisory:
>>>
>>> PRODUCT
>>> ************
>>> http://www.gnucitizen.org/blog/new-version-of-dnsmap-out/
>>> http://www.gnucitizen.org/static/blog/2009/02/dnsmap-022.tar
>>>
>>> This is a great tool, used by the two pentesters, pagvac and pdp
>>>
>>> TECHNICAL DESCRIPTION
>>> ********************************
>>> A local buffer overflow exists in dnsmap 0.22.
>>> $ dnsmap -r `perl -e 'print "A"x250'`
>>> dnsmap 0.22 - DNS Network Mapper by pagvac (gnucitizen.org)
>>>
>>> Segmentation fault
>>>
>>> SOLUTION
>>> *************
>>> Wait until pagvac will learn about strncpy().
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
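The advisory quoted above names strncpy() as the fix. As an added example (not part of the thread and not dnsmap's code), the C below copies a command-line value into a fixed buffer and rejects oversize input, and shows why strncpy() alone can leave the buffer unterminated. The 100-byte size and the names copy_arg and results_path are assumptions, since the thread does not show dnsmap's source.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical size: the thread does not show dnsmap's real buffer. */
#define RESULTS_PATH_MAX 100

/* Copy src into dst only if it fits, terminator included.
 * Returns 0 on success, -1 if src is NULL or too long.
 * Oversize input is rejected rather than silently truncated, so a
 * caller never ends up writing to a path the user did not ask for. */
int copy_arg(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || dst_size == 0 || src == NULL)
        return -1;
    /* Look for the terminator within the first dst_size bytes only. */
    const char *nul = memchr(src, '\0', dst_size);
    if (nul == NULL) {          /* src needs more than dst_size bytes */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return 0;
}

/* strncpy() pitfall: when the source is at least as long as the bound,
 * no terminator is written. Returns 1 if buf is left unterminated. */
int strncpy_leaves_unterminated(void)
{
    char buf[8];
    memset(buf, 'X', sizeof buf);
    strncpy(buf, "AAAAAAAAAAAA", sizeof buf);
    return memchr(buf, '\0', sizeof buf) == NULL;
}

int main(int argc, char **argv)
{
    char results_path[RESULTS_PATH_MAX];
    char long_arg[251];                 /* constructed: 250 'A's, as in the advisory */
    memset(long_arg, 'A', 250);
    long_arg[250] = '\0';
    const char *arg = argc > 1 ? argv[1] : long_arg;

    if (copy_arg(results_path, sizeof results_path, arg) != 0) {
        fprintf(stderr, "results path too long (max %d bytes)\n",
                RESULTS_PATH_MAX - 1);
        return 1;
    }
    printf("results path: %s\n", results_path);
    return 0;
}
```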