[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: 2 Issues

From: John Dalbec <jpdalbec ysu edu>
To: fedora-legacy-list redhat com, wcooley nakedape cc
Cc:
Subject: Re: 2 Issues
Date: Fri, 06 Aug 2004 12:59:14 -0400

Wil Cooley <wcooley nakedape cc> wrote:

1/ The recently released libxml2-python 2.4.19-5.legacy is missing the
Python 2.2 modules:

/usr/lib/python2.2/site-packages/libxml2.py
/usr/lib/python2.2/site-packages/libxml2mod.so

2.4.19-6.legacy is in updates-testing now and has the missing modules.

2/ nscd from glibc-2.2.5-44 is vulnerable to DNS cache poisoning. I don't know how it is when BIND doesn't seem to be affected, but several times now I've found 'localhost' mapping to an address block assigned to APNIC. I did a search and a few other people have seen this too. (There was no specific break-in because my firewall kept things sane.) You can use 'getent' to check ('host' only does DNS; 'getent' does NSS-lookups): 'getent hosts localhost'. Workaround: Disable cache for hosts in /etc/nscd.conf or disable nscd (not a good solution if you're using NIS/LDAP/SQL/etc).

I think that if this were easy to fix Red Hat would have done so when people first complained about it. Personally I've disabled hosts caching on my systems.

John

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]