CVE-2013-1841

Name	CVE-2013-1841
Description	Net-Server, when the reverse-lookups option is enabled, does not check if the hostname resolves to the source IP address, which might allow remote attackers to bypass ACL restrictions via the hostname parameter.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity	medium (attack range: remote)
Debian Bugs	702914

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
libnet-server-perl (PTS)	jessie	2.008-1	vulnerable
	stretch	2.008-3	vulnerable
	buster, sid	2.009-1	vulnerable

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
libnet-server-perl	source	(unstable)	(unfixed)	low		702914

Notes

[stretch] - libnet-server-perl <ignored> (Minor issue)
[jessie] - libnet-server-perl <ignored> (Minor issue)
[wheezy] - libnet-server-perl <ignored> (Minor issue)
[squeeze] - libnet-server-perl <no-dsa> (Minor issue)
https://rt.cpan.org/Ticket/Display.html?id=83909