Threat Level: green Handler on Duty: Tom Webb

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2007-11-02 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

root nameserver migration

Published: 2007-11-02
Last Updated: 2007-11-03 14:18:10 UTC
by Swa Frantzen (Version: 4)
0 comment(s)

DNS name servers that don't forward their requests to other DNS servers, need to know some of the IP addresses of the root name servers in order to find their way to the rest of the information. They either have this knowledge built-in or use an external file containing an initial mapping.

The "L.ROOT-SERVERS.NET" root name server changed its IP address, and hence some updating to the hints could be useful.

Getting an up to date file:

  • ftp://ftp.internic.net/domain/named.root
  • $ dig @A.ROOT-SERVERS.NET. . ns > root.hint
  • Windows based DNS setups can update it by running the "Configure a DNS Server" wizard and selecting "Configure root hints only".

For the record: this isn't an urgent update. Consider it an opportunity to verify your name server software is up to date on patches and perhaps to learn a few interesting bits on how the DNS system works.

With thanks to Alan for reminding me internic distributes this file. Thanks to Alan for the instructions for windows.

--
Swa Frantzen

Keywords:
0 comment(s)

Symantec local privilege escalation (Mac products)

Published: 2007-11-02
Last Updated: 2007-11-02 21:31:06 UTC
by Swa Frantzen (Version: 1)
0 comment(s)

A local privilege escalation problem in a security product like anti-virus software typically sets of quite some alarms with security people as the software is installed for getting the machines more secure, not less.

Mac versions of Symantec's anti-virus software have a local privilege escalation problem. It allows members of the admin group to gain "root" powers.

Still members of an admin group can use sudo to get a local shell with root powers anyway, hence we're not likely to loose much sleep over this one. That is , until it gets automated in a second stage exploit.

See http://securityresponse.symantec.com/avcenter/security/Content/2007.11.02.html

--
Swa Frantzen

Keywords:
0 comment(s)

Firefox 2.0.0.9 update

Published: 2007-11-02
Last Updated: 2007-11-02 01:39:56 UTC
by Swa Frantzen (Version: 1)
0 comment(s)

The expected stability update to Firefox is out.

It fixes some known problems in version 2.0.0.8, but nothing flagged as security related.

Funny, stability seems to be like availability. Probably proof quite a few still don't consider availability as an integral part of security ...

--
Swa Frantzen

Keywords:
0 comment(s)
Diary Archives