National Institute of Standards and Technology
Package illustrating a test case

Test case 1290

Description

nslookupComplain vulnerability: CA-2001-02.
Patched version.
From MIT benchmarks (models/bind/b4)
Unchecked sprintf call. An attacker may be able to construct a long query that
overflows the stack buffer and overwrites the return address of
nslookupComplain with the address of the attacker"s shell code.
Patched file: ns-lookup-ok.c
Patched line number: 140, 154

Flaws

Test Suites

Have any comments on this test case? Please, send us an email.