Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2006-02-15 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

OS X Software Update to 10.4.5, and now I wonder if I missed one?

Published: 2006-02-15
Last Updated: 2006-02-15 17:53:58 UTC
by William Salusky (Version: 2)
0 comment(s)
The Apple Product Security team released a security patch notice today regarding the latest available OS X Software Update.  This sets the current OS X revision level firmly at 10.4.5.  The Software Update detail refers to many networking/application updates but does not really mention the Kernel level system crash that may be triggered by a malicious local user.  Well, I'm not going to be giving local system access away to my machine to find out what that case might look like.

I do find it interesting that at the time of my viewing of the following URL for the apple.com knowledge base detailed information Security Update page the most recent entry is from Jan 10th.  There is no mention of a Kernel issue there, though I'm sure they'll catch up. http://www.info.apple.com/kbnum/n61798/  

A worrisome observation that may simply be my failing senses, is that my Powerbook which as of this writing is running 10.4.3, and today we have the 10.4.5 release.  I'm pretty good about paying attention to software updates, did anyone else experience this loss of awareness?
FYI, It has been confirmed by many sources in fact that yes there was a 10.4.4, I did give myself the out in that I probably missed it.  So "Yes, I am a big dumb-dumb", and have probably been asleep at the wheel for a month or so.  More interesting terms have been thrown may way which I am wise in choosing not to reprint, but accept them graciously and resemble entirely.  Ok, Luke?

I unfortunately do not have a test subject (i.e. coworker) to have patch their OS X installation first, so I'm going to bite the bullet and go for broke.  Software Update here I come... <<CONNECTION TERMINATED>>

:)  Just kidding.  I really do like my powerbook.

Keywords:
0 comment(s)

Linux kernel 2.6 ICMP bug resulting in remote DoS

Published: 2006-02-15
Last Updated: 2006-02-15 17:45:01 UTC
by William Salusky (Version: 1)
0 comment(s)
Here we have a perfect example of how hard it is sometimes to stay abreast of security risks.  Thanks to Ronald for the heads up, it looks like there are a few additional mailing lists I need to consider subscribing.

Over a week ago, the 2.6.15.3 Linux kernel included a patch to address a bug in the icmp_send function that would crash the kernel resulting in a DoS.  The current latest stable Linux kernel is 2.6.15.4 available from http://www.kernel.org/.  Details are available at http://www.securityfocus.com/bid/16532/.

For mitigation, I choose to quote HD Moore since he has put it most simply 'The easy fix is to block ICMP until you upgrade your kernels...'.  'nuff said.



Keywords:
0 comment(s)

SANS ISC Receives Award

Published: 2006-02-15
Last Updated: 2006-02-15 17:16:04 UTC
by Marcus Sachs (Version: 1)
0 comment(s)
The SANS Internet Storm Center was recognized Tuesday evening at the annual RSA Conference by receiving the SC Magazine Editors Choice Award for 2006.  We are deeply humbled by the honor and I would like to extend my appreciation to the many people behind the SANS ISC who make all of this possible.  The group of volunteer incident handlers that spend countless hours chasing all sorts of problems on the Internet are at the heart of the ISC and without them we could not exist - thanks ladies and gents!  Likewise, the large army of volunteers who run DShield sensors, those who participate in the email groups and online forums, and the thousands of readers who provide observations, thoughts, and analysis in support of making the Internet more secure are also part of this recognition.  Finally, kudos to the SANS Institute for providing the servers, Internet connections, and back office support over the past several years.  As we approach our fifth birthday I think that we have reached a significant milestone.  We look forward to many more years of collaboration and teamwork as we endeavor to build a more secure Internet.

Marcus H. Sachs
Director, SANS Internet Storm Center

Keywords:
0 comment(s)
Diary Archives