NEW ON CHANNELWEB

Promo Finder

Women Of The Channel

Apply For Tech Innovators

CRN Fast Growth 100

New Service: Marketing Support

ARC Awards Gala

Real-Time Product Pricing and Availability

Emerging Vendors

State of Tech: Networking

VARBusiness 500

FEATURED VIDEO

Sponsored By:

SLIDE SHOWS

All The Pretty Laptops: 10 Cool Notebook PCs

From ultra-mobile PCs to high-end systems built for the road warrior, here's a look at what's sleek, light and fast in the notebook PC space.

Olympic Phishing: 11 Scams To Watch

The phishers and spammers are at it again. And what better vehicle to distribute malware than a highly trafficked, international sporting event like the 2008 Beijing Summer Olympic Games? From the convincing to the inane, here are a few scams to watch for in the next few weeks. Let the games begin.

12 Busy Scenes From The Beijing Olympics

The Chinese capital of Beijing is humming with excitement over the Games Of The 29th Olympiad. ChannelWeb offers glimpses of how tech giants are showcasing their latest technology advancements on the world's stage.

>>More Slide Shows

INSIDE CHANNELWEB

Annual Guide to Custom Systems

Channel Best-Sellers

Partner Programs Guide

Tech Innovator Awards

Vendor Content Community

Sales Accelerator

Solution Provider Locator

Cisco Issues Five Security Alerts

By Stefanie Hoffman, ChannelWeb
3:51 PM EDT Thu. Jun. 05, 2008

Cisco issued a security advisory today for multiple vulnerabilities in its Cisco ASA 5500 Series Adaptive Security Appliance and the Cisco PIX Security Appliances, all but one of which could lead to a denial of service attack.

The Cisco ASA 5500 is a modular platform providing security and VPN services, while the Cisco PIX appliance is a security device protecting Internet connections geared for remote and branch offices.

Altogether, four denial of service vulnerabilities can be found in the Crafted TCP ACK Packet, the Crafted TLS Packet, the Vulnerability Scan and the Instant Messenger inspection, which includes a glitch that could lead to a denial of service attack in the Cisco ASA and Cisco PIX if the inspection engine was enabled.

The fifth error, a Control-Plane Access Control List vulnerability, could potentially enable an attacker to bypass security restrictions on the control-plane access control lists without authorization. Exploiting an error in the Control-Plane Access Control List, which is designed to protect traffic destined to the security appliance, could cause the control plane ACL not to work after it is configured to the device.

Following release of the Cisco advisory, the U.S. Computer Emergency Readiness Team also released an alert on its Web site today, warning users of the flaws.

The error in the Crafted TCP ACK is the only bug that comes with a workaround. The flaw could cause a denial of service condition on ASA and PIX devices running versions 7.1x and 7.2x with WebVPN, SSL VPN or ASDM.

Experts recommend that users update their systems with the appropriate fixes as soon as possible, which can be downloaded for free to users. So far, experts say that there doesn't appear to be a known public attack exploiting these vulnerabilities.

CHANNELWEB MARKETSPACE >> (Sponsored Links)

>>Buy a Link Now

RELATED NETSEMINARS >>

A Threat a Minute: How to Keep up with the Quick-Changing IT Security Landscape

Bundled Strategies for Data Protection

More Storage, More Security - More Opportunity

>>More Netseminars

WHITEPAPERS >>

Vulnerability Management: Making Risk Visible and Remediation Automatic

Creating a Secure Base in a Virtual World

>>More White Papers