macfidelity

Nunja, so langsam wird es peinlich fà¼r Apple. Erst brauchen sie 3 Wochen là¤nger wie jeder andere um sich das DNS Problem anzunehmen um es dann nichtmal richtig zu machen.

Wie TidBits berichtet hat das SANS Institute die Probe aufs Exempel gemacht und kam zu dem unrà¼hlichen Resultat, dass ein mit Security Update 2008-005 gepatcher Mac OS X Leopard Client weiterhin anfà¤llig ist.

Ok, der wichtigste Part ist sicherlich dass das Problem Serverseitig gelà¶st scheint, da kaum ein Leopard Client als DNS Server agieren wird, aber trotzdem kommt da ein negativer Beigeschmack zum tragen.

Einen ausfà¼hrlichen Bericht inklusiv praktischem Beispiel bietet TidBits.

Hier ein Auszug:

This exploitation, so far, seems extremely unlikely, but we won’t know how unlikely until security researcher Dan Kaminsky, the discoverer of this flaw, provides full disclosure on 06-Aug-08 in his Black Hat conference talk, “Black Ops 2008: Its (sic) the End of the Cache as We Know It.”

As Rich Mogull and I noted in “Apple Fails to Patch Critical Exploited DNS Flaw” (2008-07-24), servers are at a high risk from this DNS vulnerability. This flaw allows an attacker to send tens of thousands of fake responses for a DNS query to a server, which then poisons the server’s DNS entries if the attacker matches the right pattern with their forged information before the legitimate response arrives from the DNS server for the domain that’s being queried.

However, computers used by individuals without DNS server software in operation are also vulnerable to this flaw in DNS; we just don’t know yet quite how vulnerable. With servers rapidly being patched worldwide, it’s likely that the low-hanging fruit has largely disappeared, and attacks would then turn to clients - if clients are readily exploitable, too. Clients use stub resolvers, which forward requests for DNS answers to a full-blown, or recursive, DNS server run by their company, ISP, network provider, or co-location facility.

These clients pass their requests along, and it seems unlikely that they could be attacked directly unless an attacker had a computer on the same local network segment as the exposed system. In that case, the attacker would have a panoply of other network information poison available, and could disrupt DNS in a more efficient manner.

Links:

• TidBits Artikel (englisch)

• Mac ::: iVPN
• Apple Security Update 2006-008
• 10.5 ::: Heise Security about Mail.app bugs

This entry was posted on Saturday, August 2nd, 2008 at 9:41 pm and is filed under News, Security, _deutsch, mac. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.