help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 2.0.4 partially fixes "hosts" problem.


From: Martin A. Brooks
Subject: Re: 2.0.4 partially fixes "hosts" problem.
Date: Mon, 02 Sep 2002 15:58:57 +0100

At 16:40 02/09/2002 +0200, you wrote:

This is a a problem in your DNS?? If you don't want this check, then
you should specificy SkipVerify. But reverse lookup *ought to be possible*,
or am I misunderstanding your point?

I think you miss the point. I add the hosts entry on the /client/ side. The server is ignoring the fact that that IP actually resolves to something else and blindly trusts client that the FQDN for the client is foobar.lon4.fastsearch.net

At some point the during the conversation the client is saying "I think I'm called foobar.lon4.fastsearch.net" and the server believes this.

On 2.0.3 this can be considered to be a DoS attack, as it actually coredumps cfservd.

Mart.






reply via email to

[Prev in Thread] Current Thread [Next in Thread]