On 3/31/2012 9:26 PM, Owen Jacobson wrote:
On 2012-03-31 22:58:45 +0000, John Nagle said:
Some versions of CentOS 6 seem to have a potential
getaddrinfo exploit. See
To test, try this from a command line:
ping example
If it fails, good. If it returns pings from "example.com", bad.
The getaddrinfo code is adding ".com" to the domain.
There is insufficient information in your diagnosis to make that
conclusion. For example: what network configuration services (DHCP
clients and whatnot, along with various desktop-mode configuration tools
and services) are running? What kernel and libc versions are you
running? What are the contents of /etc/nsswitch.conf? Of
/etc/resolv.conf (particularly, the 'search' entries)? What do
/etc/hosts, LDAP, NIS+, or other hostname services say about the names
you're resolving? Does a freestanding C program that directly calls
getaddrinfo and that runs in a known-good loader environment exhibit the
same surprises? Name resolution is not so simple that you can conclude
"getaddrinfo is misbehaving" from the behaviour of ping, or of your
Python sample, alone.
In any case, this seems more appropriate for a Linux or a CentOS
newsgroup/mailing list than a Python one. Please do not reply to this
post in comp.lang.python.
-o
I expected that some noob would have a reply like that.
A more detailed discussion appears here:
http://serverfault.com/questions/341383/possible-nxdomain-hijacking
John Nagle
--
http://mail.python.org/mailman/listinfo/python-list
