CVE-2013-1841

NameCVE-2013-1841
DescriptionNet-Server, when the reverse-lookups option is enabled, does not check if the hostname resolves to the source IP address, which might allow remote attackers to bypass ACL restrictions via the hostname parameter.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
Debian Bugs702914

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libnet-server-perl (PTS)buster2.009-1vulnerable
bullseye2.009-2vulnerable
bookworm, sid2.010-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libnet-server-perlsource(unstable)2.013-1low702914

Notes

[bullseye] - libnet-server-perl <ignored> (Minor issue)
[buster] - libnet-server-perl <ignored> (Minor issue)
[stretch] - libnet-server-perl <ignored> (Minor issue)
[jessie] - libnet-server-perl <ignored> (Minor issue)
[wheezy] - libnet-server-perl <ignored> (Minor issue)
[squeeze] - libnet-server-perl <no-dsa> (Minor issue)
https://rt.cpan.org/Ticket/Display.html?id=83909
2.011 upstream adds 'double_reverse_lookups' configuration and code as fix
for the issue, but does not enable the checks by default. They need to be
enabled by consumers by setting 'reverse_lookups=double' or double_reverse_lookups=1'.

Search for package or bug name: Reporting problems