Threat Level: green Handler on Duty: Tom Webb

SANS ISC InfoSec Handlers Diary Blog



APPLE-SA-2011-03-21-1 Mac OS X v10.6.7 and Security Update 2011-001

Published: 2011-03-21
Last Updated: 2011-03-22 01:26:13 UTC
by Kevin Shortt (Version: 2)
0 comment(s)

Apple has released some security updates and various fixes today.
Here are some handy links with a summarized list of software.

Security Update 2011-001 - (Leopard - Client)
    Full Details:    http://support.apple.com/kb/HT1222
    Download:      http://support.apple.com/kb/DL1366
Security Update 2011-001 - (Leopard - Server)
    Full Details:    http://support.apple.com/kb/HT1222
    Download:      http://support.apple.com/kb/DL1367
Server Admin Tools 10.6.7
    Full Details:    http://support.apple.com/kb/HT3931
    Download:      http://support.apple.com/kb/DL1365
Mac OS X v10.6.7 Update
    Full Details:    http://support.apple.com/kb/HT4472
    Download:      http://support.apple.com/kb/DL1363
Mac OS X v10.6.7 Update Combo
    Full Details:    http://support.apple.com/kb/HT4472
    Download:      http://support.apple.com/kb/DL1361
Mac OS X v10.6.7 Update for early 2011 MacBook Pro
    Full Details:    http://support.apple.com/kb/HT4472
    Download:      http://support.apple.com/kb/DL1368
Mac OS X Server v10.6.7 Update
    Full Details:    http://support.apple.com/kb/HT4473
    Download:      http://support.apple.com/kb/DL1362
Mac OS X Server v10.6.7 Update Combo
    Full Details:    http://support.apple.com/kb/HT4473
    Download:      http://support.apple.com/kb/DL1364

The Mac OS X v10.6.7 and Security Update 2011-001 may also be obtained from the Software Update pane in System Preferences.

Summary of update:
  • AirPort
    CVE-2011-0172
  • Apache - http://httpd.apache.org/
    CVE-2010-1452, CVE-2010-2068
  • AppleScript
    CVE-2011-0173
  • ATS
    CVE-2011-0174, CVE-2011-0175, CVE-2011-0176, CVE-2011-0177
  • bzip2
    CVE-2010-0405
  • CarbonCore
    CVE-2011-0178
  • ClamAV - http://www.clamav.net/
    CVE-2010-0405, CVE-2010-3434, CVE-2010-4260, CVE-2010-4261, CVE-2010-4479
  • CoreText
    CVE-2011-0179
  • File Quarantine
  • HFS
    CVE-2011-0180
  • ImageIO
    CVE-2011-0170, CVE-2011-0181, CVE-2011-0191, CVE-2011-0192, CVE-2011-0194
  • Image RAW
    CVE-2011-0193
  • Installer
    CVE-2011-0190
  • Kerberos - http://web.mit.edu/Kerberos/
    CVE-2010-1324, CVE-2010-4020, CVE-2010-4021
  • Kernel
    CVE-2011-0182
  • Libinfo 
    CVE-2011-0183
  • libxml 
    CVE-2010-4008, CVE-2010-4494
  • Mailman
    CVE-2010-3089
  • PHP - http://www.php.net/
    CVE-2006-7243, CVE-2010-2950, CVE-2010-3709, CVE-2010-3710, CVE-2010-3870, 
    CVE-2010-4150, CVE-2010-4409, CVE-2010-3436
  • QuickLook
    CVE-2011-0184, CVE-2011-1417
  • QuickTime 
    CVE-2011-0186, CVE-2010-4009, CVE-2010-3801, CVE-2011-0187, CVE-2010-3802
  • Ruby 
    CVE-2011-0188
  • Samba 
    CVE-2010-3069
  • Subversion
    CVE-2010-3315
  • Terminal 
    CVE-2011-0189
  • X11 - http://www.freetype.org/ 
    CVE-2010-3814, CVE-2010-3855 
--
Kevin Shortt
ISC Handler on Duty


Port 1434: Sudden Slammer Decline?

Published: 2011-03-21
Last Updated: 2011-03-21 12:44:10 UTC
by Kevin Shortt (Version: 1)
6 comment(s)

We're interested to know what's happening out there.  It has been observed through DShield data that Slammer traffic has had a sudden decline.  I played with the data for a while.  I could make it look like many things, such as a slow and steady decline over time.  However, the most compelling story is the one where the data drops on March 9 and 10.

Below is the DShield data and graph on port 1434 for March 2011.  It's speculative at this point as to the cause of the sudden drop.  Japan's earthquake or Patch Tuesday have been kicked around.  I would be remiss if I did not mention Kevin Liston's series on Slammer Cleanup during October. We are loving the thought that his great effort was a catalyst for the eradication of it.

So go back and take a look at your data for us and share what you're seeing.  Send us your thoughts on this.

[Graph: Port 1434: Sudden Slammer Decline?]

# portascii.html
# Start Date: 2011-03-01 
# End Date: 2011-03-21
# Port: 1434
# created: Mon, 21 Mar 2011 10:15:34 +0000
# Date in GMT. YYYY-MM-DD format.

date    records targets sources tcpratio
2011-03-01      42862   37215   129     0
2011-03-02      62157   50028   158     0
2011-03-03      46789   37745   140     0
2011-03-04      37634   32068   109     0
2011-03-05      62649   50868   121     0
2011-03-06      62221   49475   149     0
2011-03-07      44110   39895   144     0
2011-03-08      60921   46609   140     0
2011-03-09      38503   32512   151     0
2011-03-10      23459   19438   106     0
2011-03-11      1411    1282    49      1
2011-03-12      1740    1702    30      0
2011-03-13      1414    1384    30      1
2011-03-14      1151    944     33      0
2011-03-15      1256    883     50      2
2011-03-16      1021    667     52      4
2011-03-17      1542    599     48      2
2011-03-18      978     515     37      8
2011-03-19      794     639     33      3
2011-03-20      766     635     34      3
2011-03-21      533     435     16      1
# (c) SANS Inst. / DShield. some rights reserved.
# Creative Commons ShareAlike License 2.5
# http://creativecommons.org/licenses/by-nc-sa/2.5/ 
 

 

 

--
Kevin Shortt
ISC Handler on Duty
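
An added example, not part of the original diary or of DShield's tooling: it parses the portascii export above and compares the two readings mentioned in the post, a slow and steady decline (least-squares line) versus one sudden drop (a single level shift), on log10 of the daily record counts. The function names, the log scale and the squared-error comparison are assumptions of this example.

```python
import math
# Rows copied from the DShield portascii export quoted in the diary above.
PORTASCII = """# Port: 1434
date    records targets sources tcpratio
2011-03-01      42862   37215   129     0
2011-03-02      62157   50028   158     0
2011-03-03      46789   37745   140     0
2011-03-04      37634   32068   109     0
2011-03-05      62649   50868   121     0
2011-03-06      62221   49475   149     0
2011-03-07      44110   39895   144     0
2011-03-08      60921   46609   140     0
2011-03-09      38503   32512   151     0
2011-03-10      23459   19438   106     0
2011-03-11      1411    1282    49      1
2011-03-12      1740    1702    30      0
2011-03-13      1414    1384    30      1
2011-03-14      1151    944     33      0
2011-03-15      1256    883     50      2
2011-03-16      1021    667     52      4
2011-03-17      1542    599     48      2
2011-03-18      978     515     37      8
2011-03-19      794     639     33      3
2011-03-20      766     635     34      3
2011-03-21      533     435     16      1
"""

def parse(text):  # '#' lines are comments; the first other line names the columns
    rows = [l.split() for l in text.splitlines() if l.strip() and not l.startswith("#")]
    col = rows[0].index("records")
    return [(r[0], int(r[col])) for r in rows[1:]]

def sse(ys):  # squared error of modelling ys as one constant level
    m = sum(ys) / len(ys)
    return sum((y - m) ** 2 for y in ys)

def linear_sse(ys):  # residual of a least-squares line ("slow and steady decline")
    n, ym = len(ys), sum(ys) / len(ys)
    sxy = sum((x - (n - 1) / 2) * (y - ym) for x, y in enumerate(ys))
    sxx = sum((x - (n - 1) / 2) ** 2 for x in range(n))
    return sse(ys) - sxy ** 2 / sxx

def best_step(ys):  # best single level shift: (index where new level starts, residual)
    return min(((k, sse(ys[:k]) + sse(ys[k:])) for k in range(1, len(ys))), key=lambda t: t[1])

def analyse(text=PORTASCII):
    rows = parse(text)
    ys = [math.log10(n) for _, n in rows]  # log scale: counts span two orders of magnitude
    k, step = best_step(ys)
    return {"new_level_starts": rows[k][0], "step_sse": step, "linear_sse": linear_sse(ys)}
```

On these rows `analyse()` places the level shift between 2011-03-10 and 2011-03-11, and the single-step fit leaves a much smaller residual than the straight line.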
