Ethereal-dev: Re: [ethereal-dev] DNS exploits

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Gilbert Ramirez <gram@xxxxxxxxxx>
Date: Tue, 11 Apr 2000 16:48:09 -0500
On Tue, Apr 11, 2000 at 03:16:34PM -0500, Gilbert Ramirez wrote:
> 
> 
> On Tue, Apr 11, 2000 at 12:35:41PM -0500, Gilbert Ramirez wrote:
> >
> >
> > At packetstorm.securify.com, I searched for "ethereal" and found
> > "zlip.tar.gz", which contains 3 exploits of DNS resolution:
> >
> > 
> http://209.143.242.119/cgi-bin/search/search.cgi?searchvalue=ethereal&type=archives&search.x=25&search.y=23
> >
> 
> Attached is a very quick patch which keeps Ethereal from hanging on the
> 3 sample traces of this exploit. This is just a quick fix; I haven't looked
> in detail to see if this is the best (or even proper!) fix.
> 
> --gilbert
> 
>  - zlip-fix.diff

FYI, here is a more in-depth discussion of the zlip exploit:

http://www.securiteam.com/exploits/Weaknesses_in_DNS_label_decoding_can_cause_a_Denial_of_Service.html

and

http://www.oamk.fi/~jukkao/bugtraq/9906/0005.html

--gilbert