From owner-freebsd-bugs  Mon Aug 11 20:10:07 1997
Return-Path:
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id UAA21842
          for bugs-outgoing; Mon, 11 Aug 1997 20:10:07 -0700 (PDT)
Received: (from gnats@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id UAA21833;
          Mon, 11 Aug 1997 20:10:03 -0700 (PDT)
Resent-Date: Mon, 11 Aug 1997 20:10:03 -0700 (PDT)
Resent-Message-Id: <199708120310.UAA21833@hub.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@FreeBSD.ORG, jonny@mailhost.coppe.ufrj.br
Received: from gaia.coppe.ufrj.br (jonny@[146.164.5.200])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id UAA21464
          for ; Mon, 11 Aug 1997 20:04:51 -0700 (PDT)
Received: (from jonny@localhost)
          by gaia.coppe.ufrj.br (8.8.6/8.8.6) id AAA20896;
          Tue, 12 Aug 1997 00:04:41 -0300 (EST)
Message-Id: <199708120304.AAA20896@gaia.coppe.ufrj.br>
Date: Tue, 12 Aug 1997 00:04:41 -0300 (EST)
From: Joao Carlos Mendes Luis
Reply-To: jonny@mailhost.coppe.ufrj.br
To: FreeBSD-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: 3.2
Subject: bin/4276: DNS security problems
Sender: owner-freebsd-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

>Number:         4276
>Category:       bin
>Synopsis:       Security problem with DNS resolution
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Aug 11 20:10:02 PDT 1997
>Last-Modified:
>Originator:     Joao Carlos Mendes Luis
>Organization:   COPPE/UFRJ
>Release:        FreeBSD 2.2-STABLE i386
>Environment:

	2.2-STABLE from around 97.07.23.
	2.2-RELENG from 97.06.28 does not show this behaviour.

>Description:

	who and last report "invalid hostname" when the DNS reverse
	name of the origin host is invalid. This has serious security
	issues. The correct approach would be to report the IP Address.

>How-To-Repeat:

	1) Pick a host to serve as an origin to telnet or rlogin.
	2) Point its DNS reverse name to something inexistent.
	   Note: Must be an inexistent or invalid direct DNS address.
	3) telnet or rlogin to the 2.2 box

	And presto:

	gaia::jonny [502] who
	jonny    ttyp2    Aug  8 15:37   (146.164.63.6:S.0)
	jonny    ttyp3    Aug 11 14:03   (146.164.63.6:S.2)
	jonny    ttyp4    Aug 11 14:23   (146.164.63.6:S.3)
	jonny    ttyp5    Aug 11 16:39   (146.164.63.6:S.4)
	jonny    ttyp7    Aug 11 23:57   (invalid hostname)

>Fix:

>Audit-Trail:
>Unformatted:
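
The behaviour the report asks for, as an added example that is not part of the original report and is not FreeBSD code: the login record gets the reverse name only when that name resolves back to the peer address, and the numeric IP in every other case. The function name, its parameters and the 192.0.2.x addresses used to exercise it are assumptions made for illustration; the DNS lookups themselves are left to the caller so the decision logic can be run offline.

```c
#include <stdio.h>
#include <string.h>

/* Accept only the characters a hostname may contain; anything else coming
 * back from a PTR record is treated as hostile and never written to a log. */
static int name_is_sane(const char *s)
{
    if (*s == '\0' || *s == '-' || *s == '.')
        return 0;
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9') || c == '-' || c == '.'))
            return 0;
    }
    return 1;
}

/* Hypothetical helper: choose the text stored in the login record's host
 * field for a remote session.
 *   ip        numeric peer address, always known from the socket
 *   ptr_name  result of the reverse (PTR) lookup, or NULL if it failed
 *   fwd/nfwd  addresses the forward lookup of ptr_name returned
 *             (nfwd == 0 when the name does not resolve)
 *   out       destination buffer of outlen bytes (the host field size)
 * Returns 1 if the name was recorded, 0 if the IP was, -1 on bad arguments. */
int choose_log_host(const char *ip, const char *ptr_name,
                    const char *const *fwd, size_t nfwd,
                    char *out, size_t outlen)
{
    size_t i;

    if (ip == NULL || out == NULL || outlen == 0)
        return -1;
    if (ptr_name != NULL && name_is_sane(ptr_name) &&
        strlen(ptr_name) < outlen) {
        for (i = 0; i < nfwd; i++) {
            if (strcmp(fwd[i], ip) == 0) {   /* forward-confirmed name */
                snprintf(out, outlen, "%s", ptr_name);
                return 1;
            }
        }
    }
    /* Unverifiable, malformed or oversized name: keep the origin visible. */
    snprintf(out, outlen, "%s", ip);
    return 0;
}
```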