funsec mailing list archives

Apple Security Patch Flubs DNS Fix


From: "Paul Ferguson" <fergdawg () netzero net>
Date: Fri, 1 Aug 2008 19:40:02 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via InformationWeek.

[snip]

Apple on Thursday released Security Update 2008-005 [1], a collection of 17
fixes for security vulnerabilities in its Mac OS X operating system.

Among the fixes is what looks to be a patch for the DNS cache poisoning
vulnerability that security experts spent most of July warning about.

But according to security researcher Swa Frantzen from the SANS Internet
Storm Center, Apple's fix hasn't quite done the trick.

"Apple might have fixed some of the more important parts for servers, but
is far from done yet as all the clients linked against a DNS client library
still need to get the workaround for the protocol weakness," said Frantzen
in a blog post [2].

The issue appears to be that despite Apple's patch, BIND under OS X is
incrementing the ports it uses to communicate DNS information in a
predictable pattern.

[snip]

More:
http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=209901566

[1] http://support.apple.com/kb/HT2647
[2] http://isc.sans.org/diary.html?storyid=4810

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFIk2aMq1pz9mNUZTMRApF6AKCwjeuGlzjKRjb8j3p96ppfrRCW+wCfaJw8
BSO24fbowP7gaDLxV42XAys=
=G/SP
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

