wietseat_private said:

> (4) some other application, not tcpd, does address->name lookup
> and uses the result for "authentication" purposes.

A number of years back smb pointed out the folly of r_cmds.c using #4 alone for authentication, so having the source for SunOS we were able to patch in #1-2 long before Sun got around to it. I hope that nobody ships code like that anymore. This had nothing to do with TTL, of course. And rshd that uses 1+2 should also not be vulnerable to a TTL attack.

Cache poisoning was also pointed out and fixed probably as many years ago, also thanks to smb if I recall correctly.

> (1) tcpd does address->name lookup, to find out the client
> hostname.
> (2) tcpd does name->address lookup, to find out the client
> address list.
> (3) if there is a discrepancy, tcpd drops the connection.
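The check in steps (1)-(3) quoted above, contrasted with trusting the address->name answer alone as in (4), as an added sketch that is not part of the original message and not tcpd's own code. The function names, the injectable resolver arguments and the lookup tables are assumptions made for illustration; the sample records are constructed.

```python
import ipaddress
import socket

def system_reverse(addr):
    """Step (1): address -> name via the system resolver."""
    return socket.gethostbyaddr(addr)[0]

def system_forward(name):
    """Step (2): name -> address list via the system resolver."""
    return [info[4][0] for info in socket.getaddrinfo(name, None)]

def verified_hostname(peer_addr, reverse=system_reverse, forward=system_forward):
    """Return the client hostname if (1) and (2) agree, else None (step 3)."""
    peer = ipaddress.ip_address(peer_addr)
    try:
        name = reverse(peer_addr)
        addrs = forward(name)
    except OSError:          # herror/gaierror: lookup failed, nothing to trust
        return None
    for a in addrs:
        try:
            if ipaddress.ip_address(a) == peer:
                return name.rstrip(".").lower()
        except ValueError:   # unparsable entry, e.g. a scoped IPv6 literal
            continue
    return None              # discrepancy: caller should drop the connection

# Constructed sample data (documentation address ranges, not real hosts).
# The owner of 198.51.100.7's reverse zone claims a name it does not own.
PTR = {"192.0.2.10": "trusted.example.com",
       "198.51.100.7": "trusted.example.com"}
A = {"trusted.example.com": ["192.0.2.10", "192.0.2.11"]}

def fake_reverse(addr):
    if addr not in PTR:
        raise OSError("no PTR record")
    return PTR[addr]

def fake_forward(name):
    if name not in A:
        raise OSError("no address record")
    return A[name]

if __name__ == "__main__":
    for addr in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(addr, "->", verified_hostname(addr, fake_reverse, fake_forward))
```

A caller that used `fake_reverse` alone would accept 198.51.100.7 as `trusted.example.com`; the name->address step is what exposes the mismatch.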