Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

nslookup Issue?

Published: 2008-08-16
Last Updated: 2008-08-17 16:56:24 UTC
by Marcus Sachs (Version: 3)
0 comment(s)

Two readers pointed us to a SecurityFocus item concerning Microsoft's nslookup.exe.  Details are at:

http://www.securityfocus.com/bid/30636/

A video showing a crash analysis of nslookup.exe is at

http://www.nullcode.com.ar/ncs/crash/nsloo.htm

If anybody has experienced an nslookup.exe crash or knows more about this vulnerability please let us know via our contact page.

UPDATE: CVE-2008-3648 has been assigned to this issue. 

Commentary: As of Sunday (17-AUG-2008) the CVSS Base score for CVE-2008-3648 was 9.3.  I think this is a little high, and once more people look at the issue on Monday this will be reduced.  We have yet to determine if this actually can be leveraged to execute code, and it is unclear if the only exploit scenario is to use nslookup from the command line, or if simply visiting a website linking to a malicious domain is enough. (-KL)


Marcus H. Sachs
Director, SANS Internet Storm Center

Keywords:
0 comment(s)
Diary Archives