This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.
Security problem with nscd, patch in Debian BTS
- From: Petter Reinholdtsen <pere at hungry dot com>
- To: libc-alpha at sources dot redhat dot com
- Date: Thu, 10 Apr 2003 10:48:31 +0200
- Subject: Security problem with nscd, patch in Debian BTS
There is a security problem with nscd reported to Debian BTS,
<URL:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=139879>. I
haven't seen it mentioned anywhere else, and haven't seen it fixed in
later versions of libc. There is a patch included in the bug report.

The problem is caching IP mappings both ways, making it possible for a
remote host to suddenly resolve from 'localhost'. The example IP
address from the bug report (80.82.160.10), no longer resolves to
localhost, so I can't demonstrate it any more.

Anyone know if this is fixed in the newest glibc?
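
A simplified model of the failure the message describes, added here as an illustration; it is not nscd code and not the patch from the bug report. The cache layout, the function names and the 127.0.0.1 fallback are assumptions; 80.82.160.10 is the address quoted in the message. It contrasts a cache that fills name lookups from reverse answers with one that keeps the two lookup directions separate.

```c
#include <stdio.h>
#include <string.h>
/* Toy host cache: a simplified model (assumption), not nscd's data structures. */
enum kind { BY_NAME, BY_ADDR };
struct entry { enum kind kind; char key[64]; char val[64]; };
struct cache { struct entry e[16]; int n; int cross_fill; };
static void put(struct cache *c, enum kind k, const char *key, const char *val) {
    if (c->n >= 16) return;
    struct entry *e = &c->e[c->n++];
    e->kind = k;
    snprintf(e->key, sizeof e->key, "%s", key);
    snprintf(e->val, sizeof e->val, "%s", val);
}
static const char *get(const struct cache *c, enum kind k, const char *key) {
    for (int i = 0; i < c->n; i++)
        if (c->e[i].kind == k && strcmp(c->e[i].key, key) == 0)
            return c->e[i].val;
    return NULL;
}

/* Store a reverse (address -> name) answer. The name is untrusted: it comes
   from whoever controls the PTR record for that address. */
void cache_reverse_answer(struct cache *c, const char *addr, const char *name) {
    put(c, BY_ADDR, addr, name);
    if (c->cross_fill)               /* flawed: also cached as name -> address */
        put(c, BY_NAME, name, addr);
}

/* Forward lookup: cache first, then a constructed stand-in for /etc/hosts. */
const char *lookup_name(struct cache *c, const char *name) {
    const char *hit = get(c, BY_NAME, name);
    if (hit) return hit;
    return strcmp(name, "localhost") == 0 ? "127.0.0.1" : NULL;
}

/* Replay: a reverse answer names a remote address "localhost", then "localhost" is resolved. */
const char *replay(int cross_fill) {
    static struct cache c;
    memset(&c, 0, sizeof c);
    c.cross_fill = cross_fill;
    cache_reverse_answer(&c, "80.82.160.10", "localhost");
    return lookup_name(&c, "localhost");
}

int main(void) {
    printf("cross-filled: localhost -> %s\n", replay(1));
    printf("separate:     localhost -> %s\n", replay(0));
    return 0;
}
```

With the cross-fill enabled, the name lookup is answered from the untrusted reverse entry; keyed by lookup direction, the same sequence leaves `localhost` on the local answer.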