Security Updates | 2007-08-29

Apple Inc.
APPLE-SA-2007-08-29 AirPort Extreme Base Station Firmware version 7.2.1
A problem in IPv6 could allow a remote attacker to degrade network performance using type 0 routing headers.

Cisco Systems Inc.
Cisco VPN Client Version 5.0.01.0600 Non MSI Installer Pulled From CCO (CCO Login Required)
This update revises a previously announced update regarding vulnerabilities in the Cisco VPN Client for Microsoft Windows. Cisco has removed ‘vpnclient-win-is-5.0.01.0600-k9.exe’ from its site. Additionally, it will no longer release any non-MSI (InstallShield) versions of the Windows client.
XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logon Page
Several XSS and SQL injection vulnerabilities have been discovered in Cisco CallManager. There are currently no workarounds for these vulnerabilities, but Cisco will make fixed software available to affected customers.
VTY Authentication Bypass Vulnerability
This is actually an old issue that has resurfaced. If you are configuring a Cisco Catalyst switch and enter anything in the VTY line configuration, the switch will insert the "no login" configuration command there by default. This shouldn’t be a problem for readers who secure their VTY lines.

Red Hat, Inc.
RHSA-2007:0868 Moderate: Red Hat Network Satellite Server security update
This update addresses a vulnerability in Red Hat Network Satellite Server version 5.0.0. The Red Hat Security Response Team has rated this update as having moderate security impact.