[NA-Discuss] Resend of: Apple DNS Patch Doesn't Fix Client Versions of OS X
Jeffrey A. Williams
jwkckid1 at ix.netcom.com
Tue Aug 5 23:19:38 EDT 2008
All,
Sorry that the list moderator/admin. has trouble counting
to 5. So I have resent the below Email...
Yet another too-soon, knee-jerk claim by Apple.
See:
(August 1, 2008)
Apple released a patch for the recently disclosed and exploited DNS
vulnerability, but while it fixes Mac OS X systems used as DNS servers,
it does not protect Macs being used as client systems. Fully patched
versions of both Tiger (version 10.4.11) and Leopard (version 10.5.4)
do not adequately randomize DNS source ports. Apple released Security
Update 2008-005 on Thursday, July 31 to address 17 flaws in its OS X
operating system.
- From Internet Storm Center:
http://isc.sans.org/diary.html?storyid=4810
A quick packet dump of my fully patched Leopard machine (OS X 10.5.4)
shows it is - as a DNS client - still using incrementing ports.
http://www.theregister.co.uk/2008/08/01/osx_still_vulnerable/print.html
http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=209901566
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9111363&source=rss_topic17
Regards,
Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
Abraham Lincoln
"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt
"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947])
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng. INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1 at ix.netcom.com
My Phone: 214-244-4827
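
Added example, not part of the original message or of the articles it cites: a check for the "incrementing ports" behaviour the ISC diary describes, run over `tcpdump -n` text output of outbound DNS queries. The sample lines, the addresses, the function names and the `max_step`/`ratio` thresholds are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Matches tcpdump -n text output for a UDP query sent to port 53:
#   "<time> IP <src-ip>.<src-port> > <dst-ip>.53: ..."
QUERY_RE = re.compile(r"\bIP (\d+\.\d+\.\d+\.\d+)\.(\d+) > \d+\.\d+\.\d+\.\d+\.53: ")

def ports_by_client(lines):
    """Group query source ports by client IP, preserving capture order."""
    ports = defaultdict(list)
    for line in lines:
        m = QUERY_RE.search(line)
        if m:
            ports[m.group(1)].append(int(m.group(2)))
    return dict(ports)

def classify_source_ports(ports, min_samples=8, max_step=16, ratio=0.8):
    """Label one host's port sequence.

    max_step and ratio are assumed thresholds: a small forward step counts as
    sequential allocation (other sockets on the host also consume ports).
    """
    if len(ports) < min_samples:
        return "insufficient-data"
    if len(set(ports)) == 1:
        return "fixed"
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    sequential = sum(1 for d in deltas if 0 < d <= max_step)
    # A wrap of the ephemeral range yields one negative delta; the ratio absorbs it.
    return "incrementing" if sequential / len(deltas) >= ratio else "non-sequential"

def assess(lines):
    """Map each client IP seen in the capture text to its classification."""
    return {ip: classify_source_ports(p) for ip, p in ports_by_client(lines).items()}

def _line(src, sport):
    # Constructed sample line in tcpdump -n format (documentation addresses).
    return f"12:00:00.000000 IP {src}.{sport} > 192.0.2.53.53: 4660+ A? example.com. (29)"

# Constructed sample capture: one sequential client, one client with scattered ports.
SAMPLE = (
    [_line("192.0.2.10", p) for p in (49152, 49153, 49154, 49156, 49157, 49158, 49159, 49161, 49162)]
    + [_line("192.0.2.20", p) for p in (51833, 1907, 60412, 23011, 44790, 9128, 37655, 58002, 15340)]
)

if __name__ == "__main__":
    for ip, verdict in assess(SAMPLE).items():
        print(ip, verdict)
```

Capture on the client itself rather than behind a NAT device, since address translation can rewrite source ports and hide what the host's resolver actually chose. A "non-sequential" result only rules out the sequential pattern; it is not a measurement of randomness quality.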