Bug 90463
| Summary: | nscd uses cached reverse lookups for later forward lookups | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Norbert Warmuth <norbert.warmuth> | ||||||||||||
| Component: | nscd | Assignee: | Jakub Jelinek <jakub> | ||||||||||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |||||||||||||
| Severity: | medium | Docs Contact: | |||||||||||||
| Priority: | medium | ||||||||||||||
| Version: | 7.3 | Keywords: | Security | ||||||||||||
| Target Milestone: | --- | ||||||||||||||
| Target Release: | --- | ||||||||||||||
| Hardware: | i686 | ||||||||||||||
| OS: | Linux | ||||||||||||||
| Whiteboard: | |||||||||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||||||||
| Doc Text: | Story Points: | --- | |||||||||||||
| Clone Of: | Environment: | ||||||||||||||
| Last Closed: | 2003-12-12 08:59:32 UTC | Type: | --- | ||||||||||||
| Regression: | --- | Mount Type: | --- | ||||||||||||
| Documentation: | --- | CRM: | |||||||||||||
| Verified Versions: | Category: | --- | |||||||||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||||||
| Embargoed: | |||||||||||||||
| Attachments: |
|
||||||||||||||
Created attachment 91562 [details]
Example session 1
Created attachment 91563 [details]
Example session 2
Created attachment 91564 [details]
nscd configuration file
Created attachment 91565 [details]
nsswitch.conf
Created attachment 91566 [details]
/etc/hots
This shouldn't be a problem anymore in RHL9. Please try it. Verified -- RHL9 (all updates installed) does not exhibit this problem. |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030314 Description of problem: nscd uses the result of GETHOSTBYADDR requests to answer later GETHOSTBYNAME requests. An attacker might poison the nscd cache and redirect IP traffic. See the attachments for a sample session and configuration files. Version-Release number of selected component (if applicable): nscd-2.2.5-43 How reproducible: Always Steps to Reproduce: 1. setup nameserver with a PTR RR resolving to "localhost." 2. connect to the victim host using the IP of the PTR RR 3. now the victim's nscd cache is poinsoned and traffic to the hostname localhost will we directed to the attacher's IP Additional info: