Subject: Re: Glibc update and bind failures
From: Dan Burcaw (dburcaw@terraplex.com)
Date: Mon Dec 27 1999 - 18:12:24 MST
Darron,
What version of glibc are you using?
I would suggest trying the version available at
ftp://ftp.devel.yellowdoglinux.com/pub/ruffpack/ruffpack-0.5/YellowDog/RPMS
if that is not what you are already using.
You could also try rolling your own OpenSSH based upon the stock CS 1.1
glibc version.
Regards,
Dan
> Dan and List,
>
> Ever since we updated our glibc to install the OpenSSH (because of the
> ssh/RSARAF exploit) our name server requests from those updated machines
> have been failing randomly - there doesn't seem to be any pattern. here's
> an example:
>
> The original message was received at Mon, 27 Dec 1999 15:39:16 -0700
> from localhost
>
> ----- The following addresses had permanent fatal errors -----
> <nobody@scully.fudgehead.com>
>
> ----- Transcript of session follows -----
> 550 <nobody@scully.fudgehead.com>... Host unknown (Name server:
> scully.fudgehead.com.: host not found)
>
> [ Part 2: "Delivery Status" ]
>
> Reporting-MTA: dns; mulder.fudgehead.com
> Received-From-MTA: DNS; [209.91.88.196]
> Arrival-Date: Mon, 27 Dec 1999 15:39:16 -0700
>
> Final-Recipient: RFC822; nobody@scully.fudgehead.com
> Action: failed
> Status: 5.1.2
> Remote-MTA: DNS; scully.fudgehead.com
> Last-Attempt-Date: Mon, 27 Dec 1999 15:39:17 -0700
>
>
> [ Part 3: "Included Message" ]
>
> Date: Mon, 27 Dec 1999 15:39:16 -0700
> From: Mail Delivery Subsystem <MAILER-DAEMON>
> To: nobody@scully.fudgehead.com
> Subject: Returned mail: Host unknown (Name server: mail.briercrest.ca.:
> host
> not found)
>
> The original message was received at Mon, 27 Dec 1999 15:39:15 -0700
> from IDENT:root@[209.91.88.196]
>
> ----- The following addresses had permanent fatal errors -----
> <info@slyngshot.com>
>
> ----- Transcript of session follows -----
> 550 <info@slyngshot.com>... Host unknown (Name server:
> mail.briercrest.ca.:
> host not found)
>
> [ Part 3.2: "Delivery Status" ]
>
> Reporting-MTA: dns; mulder.fudgehead.com
> Received-From-MTA: DNS; [209.91.88.196]
> Arrival-Date: Mon, 27 Dec 1999 15:39:15 -0700
>
> Final-Recipient: RFC822; lharder@briercrest.ca
> Action: failed
> Status: 5.1.2
> Remote-MTA: DNS; mail.briercrest.ca
> Last-Attempt-Date: Mon, 27 Dec 1999 15:39:16 -0700
>
> I thought it may have been the bind that was updated but that has been put
> back to the original binaries with no changes in the failures.
>
> As a result - I have to remove the OpenSSH and the updated glibc - is
> there a safe way to do the updated glibc? I can just recompile ssh without
> RSARAF - which in retrospect I should have done - and that will take care
> of that exploit but I'm just not sure where to start with the glibc.
>
> Can I just "rpm -i old-glibc --force" without screwing anything up?
>
> Any help would really be appreciated muchly. Thanks.
>
> Darron
> darron@fudgehead.com
> <http://darron.odi.ca/>
>
>
Dan
Terra Soft Solutions, Inc.
Yellow Dog Linux
"The Ultimate Companion for a Dedicated Server"
http://www.yellowdoglinux.com/
This archive was generated by hypermail 2a24 : Sun Jan 02 2000 - 12:12:58 MST