Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » CSSA-2002-013.0-Name Service Cache Daemon (nscd) advisory

CSSA-2002-013.0-Name Service Cache Daemon (nscd) advisory

by Nikola Strahija on April 1st, 2002 The Name Service Cache Daemon (nscd) has a default behavior that does not allow applications to validate DNS "PTR" records against "A" records. In particular, nscd caches a request for a "PTR" record, and when a request comes later for the "A" record, nscd simply divulges the information from the cached "PTR" record, instead of querying the authoritative DNS for the "A" record.


Vulnerable Supported Versions

System Package
-----------------------------------------------------------
OpenLinux Server 3.1 nscd

OpenLinux Workstation 3.1 nscd

OpenLinux Server 3.1.1 nscd

OpenLinux Workstation 3.1.1 nscd


3. Solution

Workaround

Caldera recommends that this problem be worked around by
disabling the hosts cache in the nscd configuration file:

In /etc/nscd.conf, add the line

enable-cache hosts no


4. References

Specific references for this advisory:

none


Caldera OpenLinux security resources:

http://www.caldera.com/support/security/index.html

Caldera UNIX security resources:

http://stage.caldera.com/support/security/


5. Disclaimer

Caldera International, Inc. is not responsible for the misuse of
any of the information we provide on this website and/or through
our security advisories. Our advisories are a service to our
customers intended to promote secure installation and use of
Caldera International products.


6. Acknowledgements

Louis Imershein ([email protected]) discovered and researched this
vulnerability.
______________________________________________________________________________


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »