
Bug#182886: libc6: local hostnames containing a dot get forwarded outside when doing host-lookups.



Package: libc6
Version: 2.2.5-11.2
Severity: normal
Tags: security

When having a resolv.conf with a line

search subdomain.domain.tld domain.tld

and doing a host lookup, for example by

ping host.anothersubdomain

it sends DNS requests for

host.anothersubdomain.
host.anothersubdomain.subdomain.domain.tld.
host.anothersubdomain.domain.tld.

instead of a correct

host.anothersubdomain.subdomain.domain.tld.
host.anothersubdomain.domain.tld.
host.anothersubdomain.

thus not only causing unnecessary traffic for
the root DNS servers but also broadcasting information
to the outside and making man-in-the-middle
attacks possible. (Or better to say: it makes
places outside the local net be in the "middle"
for connections where one would never have guessed this.)

Using "normal" severity instead of "critical" as
the additional attack parts opened up by this
security hole should only be relevant in quite
large organisations under special circumstances
and from a place other attacks might also be
possible.

With respect to responsivity of computers with
far away nameserver, a fix may also need to
let the user switch between these behaviours
(though the secure one should be the default or
 prominently described).

Respectfully,
	Bernhard R. Link

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux pcpool09 2.2.20 #1 Fri May 3 12:42:31 CEST 2002 i586
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE
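
The lookup order described in the report follows the `ndots` rule documented in resolv.conf(5): a name with at least `ndots` dots (default 1) is queried as an absolute name before the search list is applied. The following is an added example, not part of the original report and not glibc's code; `query_order` and its parameters are hypothetical names that model that rule so both orderings can be compared for the reporter's search line.

```c
#include <stdio.h>
#include <string.h>

#define MAXQ 8
#define MAXLEN 256

/* Count '.' characters in a host name. */
static int count_dots(const char *name) {
    int n = 0;
    for (; *name; name++)
        if (*name == '.') n++;
    return n;
}

/* Fill out[] with the fully qualified names a stub resolver would query,
 * in order, following the ndots rule in resolv.conf(5). Returns the count.
 * Hypothetical helper: a model of the rule, not the libc implementation. */
int query_order(const char *name, const char *const *search, int nsearch,
                int ndots, char out[][MAXLEN]) {
    int n = 0;
    size_t len = strlen(name);
    if (len > 0 && name[len - 1] == '.') {   /* already absolute: no search */
        snprintf(out[n++], MAXLEN, "%s", name);
        return n;
    }
    int as_is_first = count_dots(name) >= ndots;
    if (as_is_first)                         /* this query leaves the site first */
        snprintf(out[n++], MAXLEN, "%s.", name);
    for (int i = 0; i < nsearch && n < MAXQ - 1; i++)
        snprintf(out[n++], MAXLEN, "%s.%s.", name, search[i]);
    if (!as_is_first)                        /* absolute name only as last resort */
        snprintf(out[n++], MAXLEN, "%s.", name);
    return n;
}

int main(void) {
    /* Search list taken from the report's resolv.conf line. */
    const char *search[] = { "subdomain.domain.tld", "domain.tld" };
    char q[MAXQ][MAXLEN];
    for (int ndots = 1; ndots <= 2; ndots++) {
        int n = query_order("host.anothersubdomain", search, 2, ndots, q);
        printf("options ndots:%d\n", ndots);
        for (int i = 0; i < n; i++)
            printf("  %s\n", q[i]);
    }
    return 0;
}
```

With `ndots` set to 1 the model reproduces the order observed in the report; with 2 it gives the order the report asks for, at the cost of extra local queries for every name that has only one dot.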



