[原文]TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.
FreeBSD's distribution of tcp_wrappers contains a flaw that may allow a malicious user access to restricted network resources. The issue is triggered when a flawed check for a numeric result during reverse DNS lookup occurs. It is possible that the flaw may allow bypass of tcp_wrappers 'PARANOID' ACL restrictions.
-
时间线
2001-07-04
Unknow
Unknow
Unknow
-
解决方案
Upgrade to 4.3 -STABLE or the RELENG_4_3 security branch released after the correction dates or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
For versions 4.2 -RELEASE, 4.3 -RELEASE and 4.3 -STABLE released before the correction date, FreeBSD has released a patch to address this vulnerability.