PT-2001-2296 · Unknown · Tcp Wrappers
Published
2001-08-23
·
Updated
2024-02-16
·
CVE-2001-1155
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
tcp wrappers versions 4.1.1 through 4.3
Description
The issue concerns the improper checking of the result of a reverse DNS lookup in tcp wrappers when the PARANOID ACL option is enabled. This could allow remote attackers to bypass intended access restrictions via DNS spoofing.
Recommendations
For versions 4.1.1 through 4.3, consider disabling the PARANOID ACL option as a temporary workaround until a patch is available. Restrict access to the reverse DNS lookup functionality to minimize the risk of exploitation.
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tcp Wrappers