From: Adams Kevin J (kevin.adams@PHS.COM)
Date: Wed Jul 10 2002 - 17:56:58 EDT
The above CERT Advisory just came out and deals with a DNS resolver library
security exposure.
I have no /etc/resolv.conf and do not set NSORDER and my /netsvc.conf
specifies "hosts=local", so I don't go after a real DNS, but am I using the
DNS libraries none the less when I go after /etc/hosts? i.e., gethostbyaddr
and gethostname.
In other words, am I still vulnerable even if I only use a hosts file? I
would think not, but just making sure.
The text of the advisory is available at http://www.cert.org/.
I just re-read the cert and it mentions an attacker who send malicious DNS
responses, so it appears you need to be using a real DNS.
I hadn't seen any traffic on this, so there you go.
Thanks,
Kevin Adams
This electronic message transmission, including any attachments, contains information from PacifiCare Health Systems Inc. which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited.
If you have received this electronic transmission in error, please notify the sender immediately by a "reply to sender only" message and destroy all electronic and hard copies of the communication, including attachments.
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:16:03 EDT