Apple released patches for 17 different flaws of its Mac OS X server. But, as per latest research the patch didn’t do anything. Andrew Storms, director of security operations at nCircle Network Security Inc. conducted a system test with the new patch. Still the Mac OS X client is adding the port on incremental basis.
“The current countermeasure to this DNS cache-poisoning vulnerability is to introduce increased entropy by forcing randomization of the query ID and the source port. Essentially, making it all the more difficult to spoof the DNS response,” said Andrew Storms.
The DNS flaw allows an attacker to execute a cache poisoning attack, where traffic to a legitimate domain name is redirected to a malicious one after an attack on a DNS server. The user types a good URL and can be redirected to a fake one. This can enable phishing attack. Users can be fooled easily in this process. In cache poisoning, this level of attack allows hackers to corrupt the database a DNS server holds in memory. Cisco and Microsoft rolled out patches immediately when the vulnerability was discovered on July 8.
Although, Apple rolled out patches for all Macs running OS X 10.4.11 and 10.5.4 (Server and desktop, Intel and PowerPC, Leopard and Tiger), the fix only repaired the most vulnerable part of DNS, the server software, even on systems that don’t use it. Client DNS software, used by an operating system to request a DNS lookup from a full-scale DNS server, is still at risk. Apple did not immediately respond to questions about the DSN patch.
Source: Network World.Filed under Enterprise Software, Service Pack and Patches | Tags: Apple, Cache, DNS, Intel, Leopard, Mac os x, Phishing, PowerPc, Server, URL | Comment Below