getaddrinfo NXDOMAIN exploit - please test on CentOS 6 64-bit
Owen Jacobson
angrybaldguy at gmail.com
Sun Apr 1 00:26:00 EDT 2012
On 2012-03-31 22:58:45 +0000, John Nagle said:
> Some versions of CentOS 6 seem to have a potential
> getaddrinfo exploit. See
>
> To test, try this from a command line:
>
> ping example
>
> If it fails, good. If it returns pings from "example.com", bad.
> The getaddrinfo code is adding ".com" to the domain.
There is insufficient information in your diagnosis to make that
conclusion. For example: what network configuration services (DHCP
clients and whatnot, along with various desktop-mode configuration
tools and services) are running? What kernel and libc versions are you
running? What are the contents of /etc/nsswitch.conf? Of
/etc/resolv.conf (particularly, the 'search' entries)? What do
/etc/hosts, LDAP, NIS+, or other hostname services say about the names
you're resolving? Does a freestanding C program that directly calls
getaddrinfo and that runs in a known-good loader environment exhibit
the same surprises? Name resolution is not so simple that you can
conclude "getaddrinfo is misbehaving" from the behaviour of ping, or of
your Python sample, alone.
In any case, this seems more appropriate for a Linux or a CentOS
newsgroup/mailing list than a Python one. Please do not reply to this
post in comp.lang.python.
-o
More information about the Python-list
mailing list