• info
• discussion
• exploit
• solution
• references

GNU nscd Incorrect Hosts Cache Behavior Vulnerability

The GNU Name Service Cache Daemon (nscd) provides a cache for common name service requests. It is able to cache requests against the hosts, groups and passwd databases.

A vulnerability has been reported in some versions of nscd. If a request is made for a DNS PTR record, the returned name is cached. If a subsequent A lookup is made against this name, the IP address of the original query is returned.