    Cisco, Apple Patch Security Glitches

    By
    Matt Hines
    -
    April 20, 2006

      Cisco Systems and Apple Computer each released new security patches meant to plug vulnerabilities discovered in their respective products.

      The networking giant issued patches for several types of software, while industry watchdogs identified a separate issue in a discontinued model of its Linksys brand routers. For its part, Apple detailed an issue related to a Java-oriented element of its software update services.

      Cisco specifically addressed a privilege escalation vulnerability identified by researchers in a number of its products that could allow attackers to take control of devices running the affected software. The issue is present in the company's Cisco Wireless LAN Solution Engine, Cisco Hosting Solution Engine, Cisco User Registration Tool, Cisco Ethernet Subscriber Solution Engine and CiscoWorks2000 Service Management Solution.

      The company issued patches aimed at fixing the glitches in the Hosting Solution Engine and User Registration Tool, but said that it will not distribute updates for the Ethernet Subscriber Solution Engine and Works2000 Service Management package as both products are no longer supported, having reached “end of life” status. Organizations still using those products can retain assistance from the company's technical support staff, however.

      The company issued a separate security advisory related to the Wireless LAN Solution Engine, which runs inside the Cisco networking appliance that bears the same name. According to the company, the appliance is affected by the privilege escalation vulnerability, along with an XSS (cross site scripting) vulnerability that could allow an attacker to gain administrative privileges on the system.

      By exploiting the two vulnerabilities together, Cisco said an attacker can obtain complete control of the WLSE appliance. The company said there is no workaround for avoiding the issues, but issued software updates meant to patch the bugs. Cisco warned that customers should ensure that their devices contain sufficient memory and have been properly configured to install its latest software patch.

      Cisco also issued an update aimed at fixing a security issue in its Cisco IOS XR networking device operating system. The company said that multiple MPLS (Multi Protocol Label Switching)-related vulnerabilities exist in the operating system, which could allow an attacker to reload the MSC (Modular Services Card) on one of its CRS-1 routers or the line cards on a Cisco 12000 series router. Repeated exploitation of the problem could result in a sustained denial-of-service attack, the company said.

      The United States Computer Emergency Readiness Team, or CERT, detailed several vulnerabilities in a discontinued VOIP (voice over IP) router built by Cisco's Linksys division. CERT contends that the Linksys RT31P2 VOIP router contains several vulnerabilities that could allow a remote, unauthenticated attacker to launch a denial-of-service attack.

      Specifically, the researchers said that the RT31P2 unit fails to properly handle malformed SIP (Session Initiation Protocol) messages used by VOIP systems, which could allow someone to disrupt phone service facilitated by the devices. Linksys representatives didn't immediately return calls seeking further details on the issue, and CERT said there is no known solution to the problem.

      Apple, meanwhile, released a security bulletin detailing a glitch related to the security content of a version of Sun Microsystems' J2SE (Java 2 Standard Edition) Release 4 that it has been making available over its Software Update and Apple Downloads services.

      While the company did not disclose all the details of the issue, as it said that it is still investigating the problem, the hardware maker is already offering a patch that it said should alleviate two specific J2SE glitches. In one instance, the computer maker detailed a security vulnerability in the Java Web Start portion of the program that may allow an application to elevate its privileges.

      A second issue, tied to vulnerabilities related to the use of “reflection” APIs in the Java Runtime Environment, could also allow a program applet to elevate its privileges, Apple said.
