Home page logo
/

bugtraq logo Bugtraq mailing list archives

Security Update: [CSSA-2002-013.0] Linux: Name Service Cache Daemon (nscd) advisory
From: security () caldera com
Date: Fri, 29 Mar 2002 12:29:45 -0800

To: bugtraq () securityfocus com announce () lists caldera com security-alerts () linuxsecurity com

______________________________________________________________________________
                   Caldera International, Inc.  Security Advisory

Subject:                Linux: Name Service Cache Daemon (nscd) advisory
Advisory number:        CSSA-2002-013.0
Issue date:             2002, March 26
Cross reference:
______________________________________________________________________________


1. Problem Description

   The Name Service Cache Daemon  (nscd)  has a default behavior  that
   does not allow applications to  validate DNS "PTR" records  against
   "A" records.

   In particular, nscd caches a request for a "PTR" record, and when a
   request  comes later for the "A"  record,  nscd simply divulges the
   information from  the cached "PTR"  record, instead of querying the
   authoritative DNS for the "A" record.


2. Vulnerable Supported Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux Server 3.1          nscd
   
   OpenLinux Workstation 3.1     nscd
   
   OpenLinux Server 3.1.1        nscd
   
   OpenLinux Workstation  3.1.1  nscd


3. Solution

   Workaround

        Caldera  recommends that  this  problem  be  worked around  by
        disabling the hosts cache in the nscd configuration file:

        In /etc/nscd.conf, add the line

        enable-cache hosts no


4. References

   Specific references for this advisory:

        none


   Caldera OpenLinux security resources:

        http://www.caldera.com/support/security/index.html

   Caldera UNIX security resources:

        http://stage.caldera.com/support/security/


5. Disclaimer

   Caldera International, Inc. is  not  responsible for the misuse  of
   any  of the information we  provide on this  website and/or through
   our security  advisories.  Our  advisories  are  a service  to  our
   customers   intended  to  promote secure   installation  and use of
   Caldera International products.


6. Acknowledgements

   Louis Imershein (louisi () caldera com) discovered and researched this
   vulnerability.
 ______________________________________________________________________________

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
  • Security Update: [CSSA-2002-013.0] Linux: Name Service Cache Daemon (nscd) advisory security (Mar 31)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]