Dan Kaminsky of IOActive reported vulnerabilities in Bonjour for Windows in July. On Tuesday Apple released Bonjour 1.0.5, which includes a patch to fix these vulnerabilities; these releases included a patch for the iPod touch. The new patches are included in iTunes 8.0 and are also available as a (patch) download from Apple Software Downloads.

mDNSResponder 1
This patch is for Windows Vista, XP SP2, SP3, 2003, and 2000 (which were directly affected). Apparently the patch addresses CVE-2008-2326, a null pointer dereference issue. Apple says the patch fixes a problem in the Bonjour Namespace Providers: maliciously crafted “.local” domain names that deliberately used a long DNS label triggered crashes and premature application termination. The issue has not affected systems running Mac OS X.
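As an added illustration (not Apple's fix, which this page does not describe, and not code from Bonjour), the C function below shows the kind of input check that keeps over-long labels away from resolver code, applying the RFC 1035 limits of 63 octets per label and 253 characters per name. The function and enum names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define DNS_MAX_LABEL 63   /* RFC 1035: octets per label */
#define DNS_MAX_NAME  253  /* presentation-form length, no trailing dot */

/* Hypothetical result codes for this example. */
enum name_check {
    NAME_OK = 0,
    NAME_NULL,           /* NULL pointer passed in */
    NAME_EMPTY,          /* empty string or a lone "." */
    NAME_TOO_LONG,       /* whole name exceeds 253 characters */
    NAME_EMPTY_LABEL,    /* "a..local" or a leading dot */
    NAME_LABEL_TOO_LONG  /* one label exceeds 63 octets */
};

/* Validate a dotted hostname before it reaches resolver code.
 * One trailing dot (fully qualified form) is accepted.
 * Escaped dots ("\.") are not interpreted in this example. */
enum name_check check_dns_name(const char *name)
{
    if (name == NULL)
        return NAME_NULL;

    size_t len = strlen(name);
    if (len > 0 && name[len - 1] == '.')
        len--;                        /* ignore the root dot */
    if (len == 0)
        return NAME_EMPTY;
    if (len > DNS_MAX_NAME)
        return NAME_TOO_LONG;

    size_t label = 0;                 /* octets in the current label */
    for (size_t i = 0; i < len; i++) {
        if (name[i] == '.') {
            if (label == 0)
                return NAME_EMPTY_LABEL;
            label = 0;
        } else if (++label > DNS_MAX_LABEL) {
            return NAME_LABEL_TOO_LONG;
        }
    }
    return label == 0 ? NAME_EMPTY_LABEL : NAME_OK;
}
```

A caller rejects the name on any result other than `NAME_OK` instead of passing it on.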
mDNSResponder 2
This patch is for Windows Vista, XP SP2, SP3, 2003, and 2000. Apparently this update addresses the vulnerability detailed in CVE-2008-3635.
Apple has said that “Bonjour for Windows provides Zero Configuration Networking, Multicast DNS, and Network Service Discovery for Windows users. It’s also possible to use the Bonjour API to issue conventional unicast DNS queries. A weakness in the DNS protocol may allow a remote attacker to spoof DNS responses. As a result, if there are applications that use Bonjour for Windows for unicast DNS, those applications may receive forged information. However, there are no known applications that use the Bonjour APIs for unicast DNS hostname resolution.” This issue has not affected Mac OS X users.

