getaddrinfo NXDOMAIN exploit - please test on CentOS 6 64-bit
John Nagle
nagle at animats.com
Sun Apr 1 00:31:24 EDT 2012
On 3/31/2012 9:26 PM, Owen Jacobson wrote:
> On 2012-03-31 22:58:45 +0000, John Nagle said:
>
>> Some versions of CentOS 6 seem to have a potential
>> getaddrinfo exploit. See
>>
>> To test, try this from a command line:
>>
>> ping example
>>
>> If it fails, good. If it returns pings from "example.com", bad.
>> The getaddrinfo code is adding ".com" to the domain.
>
> There is insufficient information in your diagnosis to make that
> conclusion. For example: what network configuration services (DHCP
> clients and whatnot, along with various desktop-mode configuration tools
> and services) are running? What kernel and libc versions are you
> running? What are the contents of /etc/nsswitch.conf? Of
> /etc/resolv.conf (particularly, the 'search' entries)? What do
> /etc/hosts, LDAP, NIS+, or other hostname services say about the names
> you're resolving? Does a freestanding C program that directly calls
> getaddrinfo and that runs in a known-good loader environment exhibit the
> same surprises? Name resolution is not so simple that you can conclude
> "getaddrinfo is misbehaving" from the behaviour of ping, or of your
> Python sample, alone.
>
> In any case, this seems more appropriate for a Linux or a CentOS
> newsgroup/mailing list than a Python one. Please do not reply to this
> post in comp.lang.python.
>
> -o
>
I expected that some noob would have a reply like that.
A more detailed discussion appears here:
http://serverfault.com/questions/341383/possible-nxdomain-hijacking
John Nagle
More information about the Python-list
mailing list