bing gethostbyaddr Buffer Overflow Vulnerability
BID:2279
Info
bing gethostbyaddr Buffer Overflow Vulnerability
| Bugtraq ID: | 2279 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 19 2001 12:00AM |
| Updated: | Jan 19 2001 12:00AM |
| Credit: | This vulnerability was announced to Bugtraq by Paul Starzetz <[email protected]> on January 19, 2001. |
| Vulnerable: |
Pierre Beyssac bing 1.0.4 |
| Not Vulnerable: | |
Discussion
bing gethostbyaddr Buffer Overflow Vulnerability
bing is a freely available, open source software package written by Pierre Beyssac. The package is designed to calculate the capacity between two points by sending various sized ICMP packets and recording their return times.
A problem in bing can allow a local user to gain administrative privileges. A static buffer used to store the name of the host using a gethostbyaddr function is allocated a static 80 byte buffer in memory. It is possible for a user with control of their on IN-ADDR.arpa zone to create a custom crafted entry in their zone records, appended with shell code. Upon receiving the IN-ADDR entry, the buffer could overflow, overwriting stack variables up through the return address, and therefore executing the shellcode in the zone entry. This problem makes it possible for a user with malicious motives to gain elevated privleges on a vulnerable system, including administrative access.
bing is a freely available, open source software package written by Pierre Beyssac. The package is designed to calculate the capacity between two points by sending various sized ICMP packets and recording their return times.
A problem in bing can allow a local user to gain administrative privileges. A static buffer used to store the name of the host using a gethostbyaddr function is allocated a static 80 byte buffer in memory. It is possible for a user with control of their on IN-ADDR.arpa zone to create a custom crafted entry in their zone records, appended with shell code. Upon receiving the IN-ADDR entry, the buffer could overflow, overwriting stack variables up through the return address, and therefore executing the shellcode in the zone entry. This problem makes it possible for a user with malicious motives to gain elevated privleges on a vulnerable system, including administrative access.
Exploit / POC
bing gethostbyaddr Buffer Overflow Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].