Cisco, Adobe join patch day parade

Cisco and Adobe roll out software updates to fix a slew of vulnerabilities that could cause denial-of-service, security bypass and cross-site scripting attacks.

Microsoft and Sun weren't the only software vendors rolling out high-priority security patches yesterday.

Cisco and Adobe also joined the parade, shipping updates for a slew of vulnerabilities that could cause denial-of-service, security bypass and cross-site scripting attacks.

Cisco's advisory, rated "moderately critical" by Secunia, contains patches for two separate vulnerabilities in Cisco IOS that could be exploit to bypass certain security restrictions.

The more serious of the two could cause Cisco IOS IPS signatures using regular expressions to mistakenly identify malicious traffic within fragmented IP packets. The second bug is an error within the ATOMIC.TCP scanning mechanism and signatures that could be exploited to crash a device by producing maliciously rigged network traffic.

In all, Adobe released three separate advisories with patches for holes in ColdFusion MX, ColdFusion MX 7 and JRun.

All three Adobe issues could put users at risk of cross-site scripting attacks. Adobe rates the risks as "important" and "moderate."

[UPDATE: February 14, 2007, 4:44 PM] Since the publication of this entry, Cisco has issued two more security alerts, confirming multiple vulnerabilities in the Cisco Firewall Services Module (FWSM) and the Cisco PIX and ASA appliances. Patches for these are available here and here.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All