
FreeBSD tcp_wrappers PARANOID Checking Bypass Vulnerability

by Phiber on August 25th, 2001

A problem exists in tcp_wrappers that may cause some checks to fail when the 'PARANOID' ACL option is enabled in the configuration file. The 'PARANOID' ACL option causes tcp_wrappers to drop requests from any host whose name does not match its address. The problem is the result of a flawed check for a numeric result during reverse DNS lookup.

If an attacker is able to influence the results of reverse DNS lookups, they may be able to bypass these restrictions by impersonating a trusted host. This may allow the attacker to bypass the host access control rules on a vulnerable system, possibly leading to further attacks against the host.
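The name-versus-address check described above, sketched as an added example (not the tcp_wrappers source or the FreeBSD patch). It assumes the numeric check is meant to refuse reverse-lookup results that are themselves address literals; `paranoid_ok`, `parse_addr` and the `FWD` table are hypothetical, and the table is constructed data standing in for a forward DNS lookup.

```c
#include <string.h>
#include <strings.h>
#include <arpa/inet.h>
#include <netinet/in.h>

/* Constructed forward-DNS data standing in for a resolver (not real hosts). */
struct fwd { const char *name; const char *addr; };
static const struct fwd FWD[] = {
    { "trusted.example.com", "192.0.2.10" },
    { "trusted.example.com", "2001:db8::10" },
    { "other.example.net",   "198.51.100.7" },
};

/* Parse a literal IPv4/IPv6 address into out[16]; return its family or 0. */
static int parse_addr(const char *s, unsigned char out[16])
{
    memset(out, 0, 16);
    if (inet_pton(AF_INET, s, out) == 1)
        return AF_INET;
    if (inet_pton(AF_INET6, s, out) == 1)
        return AF_INET6;
    return 0;
}

/* Hypothetical helper: 1 if ptr_name may be trusted as the name of peer_addr.
 * ptr_name is the (attacker-influenced) result of the reverse lookup. */
int paranoid_ok(const char *peer_addr, const char *ptr_name)
{
    unsigned char peer[16], cand[16];
    int fam = parse_addr(peer_addr, peer);
    size_t i;

    if (fam == 0 || ptr_name == NULL || *ptr_name == '\0')
        return 0;   /* bad peer address or no reverse record: refuse */
    if (parse_addr(ptr_name, cand) != 0)
        return 0;   /* reverse result is itself an address literal: refuse */
    for (i = 0; i < sizeof(FWD) / sizeof(FWD[0]); i++) {
        if (strcasecmp(FWD[i].name, ptr_name) != 0)
            continue;
        if (parse_addr(FWD[i].addr, cand) == fam && memcmp(cand, peer, 16) == 0)
            return 1;   /* forward lookup maps the name back to the peer */
    }
    return 0;   /* name exists but does not resolve to the peer: refuse */
}
```

Every path that cannot confirm the name fails closed, so a reverse record alone is never enough to match a hostname-based rule.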


- Vendor-supplied updates that rectify this issue are available:

FreeBSD upgrade SA-01:56 security-patch-tcp_wrappers-01.56.tgz

FreeBSD patch SA-01:56 tcp_wrappers.patch
