Cisco & Sun Patch Vulnerabilities in their Operating Software
Cisco released a couple of security patches that fix problems in many of its products of enterprise class, one being the widely used PIX 500 series software.
The security company said that while one flaw in the pair could allow a DoS attack for a sustained period and against two products of Cisco, the other could let an attacker gain total administrative control over the affected system. SCMagazine published this on January 25, 2008.
The company also said that its 5500 Series ASA (Adaptive Security Appliance) and the PIX 500-security firewall could be inflicted with a crafty IP vulnerability. This vulnerability takes place at the time of processing a crafted IP packet, deliberately altered to start off the problem. When the TTL, i.e., Time-to-Live, diminishing utility is activated, this flaw could be responsible for the affected appliance to repeat loading its operating features. If the flaw is repeatedly exploited, it could result in a DoS condition, Cisco noted.
The company has published a workaround with which the problem can be fixed. It pointed out that versions 8.0(3) or 7.2(3)6 and then the ASA and PIX 500 operating software carry patches for the flaw.
This flaw influences the Cisco AVS 3180, 3120, 3110 and 3180A management station programs running software of versions earlier to AVS 5.1.0, according to Cisco. The company said that it was offering upgrade software free of charge to correct the issue.
However, Sun too has issued another update with respect to its Java program that introduces about 370 fixes along with several security updates.
Keeping home users in mind, Sun released update that offers the recent version of Java 6 Update 4. The majority of Windows users would be having some edition of Java on their computer, and with plenty of malware pieces that take advantage of earlier Java loopholes to crash into systems, it would be right to patch the Java software whether it is used or not.
The update is offered for Windows, Solaris and Linux systems.
For a home user with any of the previous versions of the update installed, these should be erased after loading the new update.
Related article: Cisco Finds Two Vulnerabilities and Recommends for Patches
» SPAMfighter News - 04-02-2008