FreeBSD's distribution of tcp_wrappers contains a flaw that may allow a malicious user access to restricted network resources. The issue is triggered when a flawed check for a numeric result during reverse DNS lookup occurs. It is possible that the flaw may allow bypass of tcp_wrappers 'PARANOID' ACL restrictions.

Upgrade to 4.3 -STABLE or the RELENG_4_3 security branch released after the correction dates or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

For versions 4.2 -RELEASE, 4.3 -RELEASE and 4.3 -STABLE released before the correction date, FreeBSD has released a patch to address this vulnerability.

• Keyword: 1002271 2001-1155 3229 FreeBSD-SA-01:56
• Security Tracker: 1002271
• CVE ID: 2001-1155 (see also: NVD)
• Bugtraq ID: 3229
• Vendor Specific Advisory URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:56.tcp_wrappers.asc
• Vendor Specific Solution URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:56/tcp_wrappers.patch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:56/tcp_wrappers.patch.asc
• Vendor URL: http://www.freebsd.org

• Tony Finch - dotdotat.at -