[Rob Brown] > Is this Issue still open? Is it still a problem in the latest version? > Or can I close this RT Ticket now?
The code in question seem to be this section from Net/Server.pm version 2.009: if ($addr && defined $prop->{'reverse_lookups'}) { if ($INC{'Socket6.pm'} && Socket6->can('getnameinfo')) { my @res = Socket6::getnameinfo($addr, 0); $prop->{'peerhost'} = $res[0] if @res > 1; }else{ $prop->{'peerhost'} = gethostbyaddr($addr, AF_INET); } } As far as I can tell, it only do reverse lookup without comparing it to the addresses returned by a lookup of the name returned by the reverse lookup, which seem to be the problem described in the CVE. In short, I believe the problem from 2013 still is unsolved in version 2.009, but do not know the code and might have overlooked something. -- Happy hacking Petter Reinholdtsen