Security problem with nscd, patch in Debian BTS

Petter Reinholdtsen pere@hungry.com
Thu Apr 10 08:49:00 GMT 2003


There is a security problem with nscd reported to Debian BTS,
<URL:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=139879>.  I
haven't seen it mentioned anywhere else, and haven't seen it fixed in
later versions of libc.  There is a patch included in the bug report.

The problem is caching IP mappings both ways, making it possible for a
remote host to suddenly resolve from 'localhost'.  The example IP
address from the bug report (80.82.160.10), no longer resolves to
localhost, so I can't demonstrate it any more.

Anyone know if this is fixed in the newest glibc?



More information about the Libc-alpha mailing list