This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Security problem with nscd, patch in Debian BTS

From: Petter Reinholdtsen <pere at hungry dot com>
To: libc-alpha at sources dot redhat dot com
Date: Thu, 10 Apr 2003 10:48:31 +0200
Subject: Security problem with nscd, patch in Debian BTS

There is a security problem with nscd reported to Debian BTS,
<URL:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=139879>.  I
haven't seen it mentioned anywhere else, and haven't seen it fixed in
later versions of libc.  There is a patch included in the bug report.

The problem is caching IP mappings both ways, making it possible for a
remote host to suddenly resolve from 'localhost'.  The example IP
address from the bug report (80.82.160.10), no longer resolves to
localhost, so I can't demonstrate it any more.

Anyone know if this is fixed in the newest glibc?

Follow-Ups:
- Re: Security problem with nscd, patch in Debian BTS
  - From: Ulrich Drepper

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]