Cisco, Sun patch flaws, including 370 bugs in JavaSE

Cisco and Sun Microsystems have released patches – the latter's covering more than 370 bugs in its JavaSE Runtime Environment software – fixing a wide range of vulnerabilities.

Cisco released two patches that correct issues in several of its enterprise-class products, including the widely deployed PIX 500 series appliance. The company said one of the flaws could result in a sustained DoS attack against two of its security products, while the second bug could allow an attacker to take full administrative control of the impacted system.

Cisco said the PIX 500 firewall and its 5500 Series Adaptive Security Appliance (ASA) are vulnerable to a crafted IP packet vulnerability. The flaw occurs when the device processes an IP packet that has been purposely modified to trigger the issue, and only when the Time-to-Live (TTL) decrement feature is enabled. It can cause the affected device to reload its operating environment. Repeated exploitation of the flaw can cause a DoS attack, according to Cisco.

Cisco has posted a workaround that fixes the problem. The company also noted that versions 7.2(3)6 or 8.0(3) and later of the PIX 500 and ASA operating software contain fixes for the bug.

The remaining vulnerability is in Cisco's Application Velocity System (AVS), an appliance that improves the performance of HTML- and XML-based applications. In addition to giving an attacker full administrator rights, it can open user-level access to the appliance's underlying operating system.

This vulnerability affects the Cisco AVS 3110, 3120, 3180 and 3180A management station appliances running software versions prior to AVS 5.1.0, according to the company. Cisco said it is offering free upgrade software to fix the vulnerability.

Sun's release of a new JavaSE Runtime Environment impacts users of Windows, Linux and Solaris systems. This release takes the software to Java 6 Update 4. Windows users can determine what version they have with the Add/Remove Programs icon in the Control Panel. It is listed in various forms -- J2SE Runtime Environment, Java(TM) SE Runtime Environment or just Java(TM).

The Java update is available here. After installing the Java upgrade, Windows users will most likely have multiple versions of Java installed; they should remove the earlier versions after upgrading their system.