SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Name Service Cache Daemon Vendors:   Caldera/SCO
Caldera OpenLinux Name Service Cache Daemon (ncsd) Flaw May Let Users Spoof the DNS and Bypass Security Checks
SecurityTracker Alert ID:  1003929
SecurityTracker URL:  http://securitytracker.com/id/1003929
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 31 2002
Impact:   Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Caldera issued an advisory warning of a flaw in the Caldera OpenLinux name service cache daemon (nscd). The daemon may not allow applications to validate records properly.

It is reported that the Name Service Cache Daemon (nscd) has a default configuration vulnerability that does not allow applications to validate DNS "PTR" records againstn "A" records.

It is reported that nscd will cache a request for a "PTR" record. When a subsequent request is submitted for the "A" record, the nscd will return the information from the cached "PTR" record instead of querying the authoritative DNS for the "A" record. This could allow a user to spoof the DNS and bypass security checks made by applications that attempt to verify the reverse lookup PTR record with an authoritative A record.

It is reported that Louis Imershein (louisi@caldera.com) discovered and researched this vulnerability.

Impact:   A user could potentially spoof the DNS and bypass security checks made by applications that attempt to verify the reverse lookup PTR record with an authoritative A record.
Solution:   As a workaround, Caldera recommends that users disable the hosts cache in the nscd configuration file:

In /etc/nscd.conf, add the line

enable-cache hosts no

Vendor URL:  www.calderasystems.com/support/security/ (Links to External Site)
Cause:   Configuration error, State error
Underlying OS:  Linux (Caldera/SCO)
Underlying OS Comments:  OpenLinux Workstation and Server versions 3.1, 3.1.1

Message History:   None.


 Source Message Contents

Subject:  Security Update: [CSSA-2002-013.0] Linux: Name Service Cache Daemon (nscd) advisory


--H4SyuGOnfnj3aJqJ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: 8bit            

To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com

______________________________________________________________________________
		   Caldera International, Inc.  Security Advisory

Subject:		Linux: Name Service Cache Daemon (nscd) advisory
Advisory number: 	CSSA-2002-013.0
Issue date: 		2002, March 26
Cross reference:
______________________________________________________________________________


1. Problem Description

   The Name Service Cache Daemon  (nscd)  has a default behavior  that
   does not allow applications to  validate DNS "PTR" records  against
   "A" records.

   In particular, nscd caches a request for a "PTR" record, and when a
   request  comes later for the "A"  record,  nscd simply divulges the
   information from  the cached "PTR"  record, instead of querying the
   authoritative DNS for the "A" record.


2. Vulnerable Supported Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux Server 3.1          nscd
   
   OpenLinux Workstation 3.1     nscd
   
   OpenLinux Server 3.1.1        nscd
   
   OpenLinux Workstation  3.1.1  nscd


3. Solution

   Workaround

	Caldera  recommends that  this  problem  be  worked around  by
	disabling the hosts cache in the nscd configuration file:

	In /etc/nscd.conf, add the line

	enable-cache hosts no


4. References

   Specific references for this advisory:

	none


   Caldera OpenLinux security resources:

	http://www.caldera.com/support/security/index.html

   Caldera UNIX security resources:

	http://stage.caldera.com/support/security/


5. Disclaimer

   Caldera International, Inc. is  not  responsible for the misuse  of
   any  of the information we  provide on this  website and/or through
   our security  advisories.  Our  advisories  are  a service  to  our
   customers   intended  to  promote secure   installation  and use of
   Caldera International products.


6. Acknowledgements

   Louis Imershein (louisi@caldera.com) discovered and researched this
   vulnerability.
 ______________________________________________________________________________

--H4SyuGOnfnj3aJqJ
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjykzrgACgkQbluZssSXDTH47gCfYZkzNgDcYGc+65j+om1mGMb2
o8oAnj4BfuM5gN0Bvdi381lK5GuibV4f
=yKNW
-----END PGP SIGNATURE-----

--H4SyuGOnfnj3aJqJ--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC