Test case 1289

Type: source code
Pairs: 1290-v1.0.0
State: bad
Author: MIT
Status: candidate
Language: C
Submission Date: 24 Jan 2006

Description

nslookupComplain vulnerability: CA-2001-02.
From MIT benchmarks (models/bind/b4)
Unchecked sprintf call. An attacker may be able to construct a long query that
overflows the stack buffer and overwrites the return address of
nslookupComplain with the address of the attacker"s shell code.
Bad file: ns-lookup-bad.c
Bad line number: 145, 161.
Taxonomy Classification : 0000306201004

Flaws

CWE-134 Use of Externally-Controlled Format String

Test Suites

Testing Exploitable Buffer Overflows From Open Source Code

Have any comments on this test case? Please, send us an email.