----- Original Message ----- From: "Chris Buxton" <[EMAIL PROTECTED]> To: "Hardened LFS Development List" <hlfs-dev@linuxfromscratch.org> Sent: Saturday, July 12, 2008 1:11 AM Subject: DNS spoofing vulnerability
> I assume most of you have heard about the recent BIND/MS DNS updates > to somewhat address a new DNS spoofing attack vector discovered by Dan > Kaminsky. > > What you may not have heard is that the Unix stub resolver, part of > glibc, is also vulnerable. > > Does anyone know if/when glibc will be patched against this? Until it > is, you should disable nscd (the stub resolver's caching daemon) if > you're using it. (Also disable any other DNS caching routine you have > running until the problem is addressed by the vendor - too bad Mac > users really can't do this.) This will reduce your exposure, although > not as much as using a patched stub resolver would. > dnsmasq-2.43 now has randomized port(released today) Gilles -- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
