Bugtraq mailing list archives

Re: Internet Worm

From: seeger () cis ufl edu (F. L. Charles Seeger III)
Date: Tue, 18 Oct 1994 21:09:46 -0400


+------ jim () Tadpole COM wrote (Tue, 18-Oct-94, 13:57 -0500):
|
| Sun (at least in SunOS 4) didn't do any "mucking about" with
| libresolv and YP in libc.

Wrongo!.  Sun changed the semantics of the gethostbyaddr() resolver
function and changed several programs, including rlogin, to depend
on the changed semantics for security.

The change has gethostbyaddr() checking its result with a call to
gethostbyname(), i.e. checking that the DNS has both a PTR record
and a matching A record for that IP address and associated host name.
The intent is to prevent spoofing.  IMHO, this ought to be done
either in the application program or in a separate library call.

Regards,
Chuck

Current thread:

Re: Internet Worm, (continued)
- - - Re: Internet Worm Pat Myrto (Oct 17)
    - Re: Internet Worm David Miller (Oct 17)
    - PLEASE UNSUBSCRIBE Vatsal P. Sonecha (Oct 17)
    - Re: Internet Worm Fred Kuhns (Oct 18)
  - Internet Worm Source Code Michael S. Hines (Oct 17)
  - rhosts (+ REQUEST SNMP bug) James Seng (Oct 17)
- Re: Internet Worm George Hodson (Oct 17)
- Re: Internet Worm Mark W. Eichin (Oct 18)
- Re: Internet Worm jim () Tadpole COM (Oct 18)
  - Re: Internet Worm Icarus Sparry (Oct 18)
  - Re: Internet Worm F. L. Charles Seeger III (Oct 18)
- Re: Internet Worm jim () Tadpole COM (Oct 18)
  - Re: Internet Worm F. L. Charles Seeger III (Oct 19)
- Re: Internet Worm Darragh Nagle (Oct 19)
  - Re: Internet Worm Gene Spafford (Oct 19)
- Re: Internet Worm jim () Tadpole COM (Oct 19)
  - Re: Internet Worm F. L. Charles Seeger III (Oct 20)
- Re: Internet Worm smb () research att com (Oct 19)
  - R utilities, addresses, etc. Charles Howes (Oct 20)
    - Re: R utilities, addresses, etc. Alexander L. Haiut (Oct 20)
    - Re: R utilities, addresses, etc. Charles Howes (Oct 21)

(Thread continues...)