There is a problem with the nslookup program related to the handling of long strings.
This problem is reported to be the result of incorrect bounds checking on the part of the lex routines used in nslookup. This vulnerability is mentioned in an IBM advisory as being exploited by attackers.
The impact of this vulnerability is not clear. It may be possible for local attackers to gain root privileges on the vulnerable system.
Apply a Patch
This document was written by Cory F. Cohen.
|Date First Published:||2001-09-26|
|Date Last Updated:||2001-09-26 18:04 UTC|