FreeBSD tcp_wrappers PARANOID Checking Bypass Vulnerability

by Phiber on August 25th, 2001

A problem exists in tcp_wrappers that may cause some checks to fail when the 'PARANOID' ACL option is enabled in the configuration file. The 'PARANOID' ACL option causes tcp_wrappers to drop requests from any host whose name does not match its address. The problem is the result of a flawed check for a numeric result during reverse DNS lookup.


If an attacker is able to influence the results of reverse DNS lookups, they may be able to bypass these restrictions by impersonating a trusted host. This may allow an attacker to bypass the host access control rules on a vulnerable system, possibly leading to further attacks against the host.
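The name-versus-address comparison that a PARANOID-style rule depends on, as an added example (not the tcp_wrappers source and not the SA-01:56 patch). The helper `paranoid_ok`, the in-memory record tables and all names and addresses are constructed for illustration; treating a numeric reverse-lookup result or a missing record as a mismatch is this example's own policy.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed DNS data (documentation address ranges) standing in for a resolver. */
struct rec { const char *key; const char *val; };
static const struct rec PTR_RECS[] = {        /* address -> name, set by the address owner */
    {"192.0.2.10",   "trusted.example.com"},  /* honest record */
    {"203.0.113.66", "trusted.example.com"},  /* reverse record claims a trusted name */
    {"203.0.113.67", "192.0.2.10"},           /* reverse record returns an address literal */
};
static const struct rec A_RECS[] = {          /* name -> address, set by the name owner */
    {"trusted.example.com", "192.0.2.10"},
};

/* Returns 1 if s parses as an IPv4 or IPv6 literal. */
static int is_numeric(const char *s) {
    unsigned char buf[sizeof(struct in6_addr)];
    return inet_pton(AF_INET, s, buf) == 1 || inet_pton(AF_INET6, s, buf) == 1;
}

/* Hypothetical helper: 1 = name and address agree, 0 = mismatch (drop under PARANOID). */
int paranoid_ok(const char *client_addr) {
    const char *name = NULL;
    size_t i;
    for (i = 0; i < sizeof PTR_RECS / sizeof PTR_RECS[0]; i++)
        if (strcmp(PTR_RECS[i].key, client_addr) == 0) name = PTR_RECS[i].val;
    if (name == NULL) return 0;       /* no reverse record: fail closed in this example */
    if (is_numeric(name)) return 0;   /* a numeric "name" cannot be forward-confirmed */
    /* Forward lookup: the name must list the client's address (textual compare
       is enough for this constructed data; real code compares binary addresses). */
    for (i = 0; i < sizeof A_RECS / sizeof A_RECS[0]; i++)
        if (strcasecmp(A_RECS[i].key, name) == 0 &&
            strcmp(A_RECS[i].val, client_addr) == 0)
            return 1;
    return 0;                         /* name does not map back to the client */
}

int main(void) {
    const char *c[] = {"192.0.2.10", "203.0.113.66", "203.0.113.67"};
    for (size_t i = 0; i < 3; i++)
        printf("%-13s %s\n", c[i], paranoid_ok(c[i]) ? "match" : "PARANOID");
    return 0;
}
```

Name-based allow rules are only as strong as this confirmation step, so an allow list keyed on addresses does not depend on reverse DNS at all.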


Solution:


- Vendor-supplied updates that rectify this issue are available:


FreeBSD FreeBSD 4.3-RELEASE:
FreeBSD upgrade SA-01:56 security-patch-tcp_wrappers-01.56.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:56/security-patch-tcp_wrappers-01.56.tgz

FreeBSD patch SA-01:56 tcp_wrappers.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:56/tcp_wrappers.patch

FreeBSD FreeBSD 4.2-RELEASE:
FreeBSD patch SA-01:56 tcp_wrappers.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:56/tcp_wrappers.patch

