[There's a reason that Yoda is the unofficial mascot of SBS.  Size indeed matters not.] Got a Mac? Patch for DNS - THE OFFICIAL BLOG OF THE SBS DIVA
Thu, Jul 31 2008 20:29 bradley

Got a Mac? Patch for DNS

BIND
CVE-ID:  CVE-2008-1447
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.4, Mac OS X Server v10.5.4
Impact:  BIND is susceptible to DNS cache poisoning and may return
forged information
Description:  The Berkeley Internet Name Domain (BIND) server is
distributed with Mac OS X, and is not enabled by default. When
enabled, the BIND server provides translation between host names and
IP addresses. A weakness in the DNS protocol may allow remote
attackers to perform DNS cache poisoning attacks. As a result,
systems that rely on the BIND server for DNS may receive forged
information. This update addresses the issue by implementing source
port randomization to improve resilience against cache poisoning
attacks. For Mac OS X v10.4.11 systems, BIND is updated to version
9.3.5-P1. For Mac OS X v10.5.4 systems, BIND is updated to version
9.4.2-P1. Credit to Dan Kaminsky of IOActive for reporting this
issue.
Run a Mac? Go patch your DNS

Patch your Macs
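The advisory's fix is source port randomization, so the thing to confirm after patching is that the resolver's outgoing queries really leave from unpredictable UDP ports. The script below is an added example, not Apple's or the blog author's code: it classifies a list of observed source ports, and the function name, thresholds and sample port lists are all assumptions constructed for illustration.

```python
"""Score how unpredictable a resolver's outgoing DNS query source ports are."""
from collections import Counter
from statistics import pstdev

# Assumed thresholds for this example (not from the advisory): a spread
# below MIN_STDEV or fewer than MIN_UNIQUE_RATIO distinct ports is "weak".
MIN_STDEV = 3000.0
MIN_UNIQUE_RATIO = 0.9


def assess_source_ports(ports):
    """Classify UDP source ports seen on successive outgoing queries.

    Returns (verdict, details) with verdict one of
    'fixed', 'sequential', 'weak', 'randomized'.
    """
    if len(ports) < 10:
        raise ValueError("need at least 10 observed queries")
    unique = len(set(ports))
    stdev = pstdev(ports)
    # Differences between consecutive ports, modulo the 16-bit port space.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    top_delta, top_count = Counter(deltas).most_common(1)[0]
    details = {"unique": unique, "stdev": round(stdev, 1), "top_delta": top_delta}
    if unique == 1:
        return "fixed", details
    # One dominant step (e.g. +1 per query) lets an observer predict the next port.
    if top_count >= 0.8 * len(deltas):
        return "sequential", details
    if stdev < MIN_STDEV or unique < MIN_UNIQUE_RATIO * len(ports):
        return "weak", details
    return "randomized", details


# Constructed samples, standing in for ports read from a packet capture
# of the resolver's outbound queries (e.g. udp dst port 53).
FIXED = [53] * 12
SEQUENTIAL = [49152 + i for i in range(12)]
NARROW = [32768, 32771, 32769, 32790, 32775, 32801, 32768, 32783, 32779, 32796, 32770, 32788]
SPREAD = [1873, 60211, 33542, 14790, 51008, 8421, 44963, 27315, 62977, 5602, 39144, 20586]

if __name__ == "__main__":
    for name, sample in [("fixed", FIXED), ("sequential", SEQUENTIAL),
                         ("narrow", NARROW), ("spread", SPREAD)]:
        print(name, *assess_source_ports(sample))
```

Collect the ports where the queries reach the Internet, past any NAT device, because NAT can rewrite source ports and change the result.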


# re: Got a Mac? Patch for DNS

Friday, August 01, 2008 1:34 PM by Lawrence Teo

The patch might not actually address the DNS issue after all:

blog.ncircle.com/.../apple_dns_patch_fails_to_rando.html

# re: Got a Mac? Patch for DNS

Saturday, August 02, 2008 11:45 AM by James_A

Well, by now it's all over the Internet: the patch DOESN'T work. Neither for 10.4 Tiger (which I have) nor for 10.5 Leopard.