Security problem with nscd, patch in Debian BTS
Petter Reinholdtsen
pere@hungry.com
Thu Apr 10 08:49:00 GMT 2003
There is a security problem with nscd reported to Debian BTS,
<URL:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=139879>. I
haven't seen it mentioned anywhere else, and haven't seen it fixed in
later versions of libc. There is a patch included in the bug report.
The problem is caching IP mappings both ways, making it possible for a
remote host to suddenly resolve from 'localhost'. The example IP
address from the bug report (80.82.160.10), no longer resolves to
localhost, so I can't demonstrate it any more.
Anyone know if this is fixed in the newest glibc?
More information about the Libc-alpha
mailing list