
Cisco Releases Trio Of Advisories



Doug Caverly
Staff Writer
2008-05-22



Cisco released three security advisories yesterday, and some onlookers are taking the move as a sign that the company is a little on edge. It seems the patches fall outside Cisco's normal release schedule, and also come right before an important rootkit presentation.


Two denial of service vulnerabilities and one privilege escalation issue in IOS Secure Shell, the Secure Control Engine, and Voice Portal are at stake. The vulnerabilities' CVSS base scores range from 7.8 to 9.0, with the temporal scores being a bit lower.

Here's the would-be good news: according to Cisco, all of the problems were found thanks to internal testing and customer service requests.

Still, Robert McMillan notes, "Cisco recently changed its software update policy, saying it will now only issue IOS patches in March and September each year, unless forced to rush out a fix for serious bugs that were publicly disclosed or which were being actively exploited." So it stands to reason that these vulnerabilities are being actively exploited.

Moreover, "Sebastian Muniz of CORE Security is scheduled to release a proof of concept Cisco IOS rootkit . . . at EuSecWest," according to George Bakos. So perhaps widespread problems were just one presentation away.

It's possible someone inside Cisco forgot to read the update policy memo, or was just feeling extra frisky and decided to go above and beyond the biannual schedule. The company may be dealing with a fairly big problem, though, which isn't a comforting thought.

Bakos adds, "[I]t's a pretty safe bet that a fair number of security 'researchers' are feverishly reverse engineering the updates to develop exploits for private use and/or public release."



About the Author:
Doug is a staff writer for SecurityProNews, InternetFinancialNews, SearchNewz, and WebProNews.
