Bugtraq mailing list archives
Re: Internet Worm
From: smb () research att com (smb () research att com)
Date: Wed, 19 Oct 94 19:44:08 EDT
> When ypserv doesn dns lookups on behalf of its clients with the -b h ack, > it is using libresolv, so this case also involves Sun's mucking. Ok, I've always been speaking about libc(shared or not) here, and at least two of you are now speaking about libresolv.a. Was I confused, or did someone change the subject? Yes, the gethostbyaddr() call in libresolv has the reverse lookup. No, its done in a different place inside ypserv. ypserv has its own, special version of the resolver library, and does: if (!found_addr) { /* weve been spoofed */ syslog(LOG_CRIT, "nres_gethostbyaddr: %s != %s", temp->name, inet_ntoa(temp->theaddr)); theans = NULL; temp->h_errno = HOST_NOT_FOUND; } in nres_dorecv(). Well, some folks (like us) have put DNS routines into the shared libc, so that everything not statically linked uses the DNS without needing NIS. But that's not the real point. The real point of this discussion is that Sun has chosen (rightly, in my opinion) to put the cross-check into the libraries, rather than the applications. Thus, Sun's rshd and rlogind *don't* do the check themselves. If you replace the resolver routines with ones that don't do the cross-check, you've opened up a great gaping security hole.
Current thread:
- Re: Internet Worm, (continued)
- Re: Internet Worm Mark W. Eichin (Oct 18)
- Re: Internet Worm jim () Tadpole COM (Oct 18)
- Re: Internet Worm Icarus Sparry (Oct 18)
- Re: Internet Worm F. L. Charles Seeger III (Oct 18)
- Re: Internet Worm jim () Tadpole COM (Oct 18)
- Re: Internet Worm F. L. Charles Seeger III (Oct 19)
- Re: Internet Worm Darragh Nagle (Oct 19)
- Re: Internet Worm Gene Spafford (Oct 19)
- Re: Internet Worm jim () Tadpole COM (Oct 19)
- Re: Internet Worm F. L. Charles Seeger III (Oct 20)
- Re: Internet Worm smb () research att com (Oct 19)
- R utilities, addresses, etc. Charles Howes (Oct 20)
- Re: R utilities, addresses, etc. Alexander L. Haiut (Oct 20)
- Re: R utilities, addresses, etc. Charles Howes (Oct 21)
- Fingerd Summary Adam Shostack (Oct 20)
- Re: Fingerd Summary Stephen Gildea (Oct 21)
- Re: Fingerd Summary Adam Shostack (Oct 21)
- Re: Fingerd Summary KevinTX (Oct 21)
- R utilities, addresses, etc. Charles Howes (Oct 20)
- access(2)--a security hole? Jonathan M. Bresler (Oct 20)
- Re: access(2)--a security hole? Justin Mason (Oct 21)
- Re: access(2)--a security hole? Dave Goldberg (Oct 21)