Cisco admits to security flaws in Wi-Fi kits

“CISCO HAS HAD to release a security advisory and tell IT admins to update their wireless LAN hardware after finding a plethora of vulnerabilities in its enterprise Wi-Fi kit.

Cisco noted there was a risk hackers could exploit certain vulnerabilities and security flaws in its Wireless LAN Controllers, Catalyst 6500 Wireless Services Modules (WiSMs), and Catalyst 3750 Integrated Wireless LAN Controllers.

The firm also admitted all its Wireless LAN Controllers using version 4.2 of its software had problems caused by a couple of denial of service (DOS) flaws with a third DOS flaw hitting versions 4.1 of the software.
Amongst the DOS flaws – which affect Catalyst 6500/7600 Series Wireless Services Module and Catalyst 3750 Series Integrated Wireless LAN Controllers – is a Web authentication bug which can make devices reload for seemingly no reason.

Another bug can cause freezing when malformed data packets are received. Cisco 2800 and 3800 series Integrated Services Routers are apparently not affected.

To top it all, the router maker has also fessed up to its Version 4.2.173.0 Wireless LAN controller software having a privilege escalation vulnerability which “may allow an authenticated user to obtain full administrative rights on the affected system.”

Cisco reckons it found the flaws from trusty old customer support cases as well as its own internal probing, and the firm says it has no reason to believe hackers had managed to exploit the vulnerabilities yet.”

Now doesn’t this just suck for companies that are using Cisco? Wi-Fi users worry most about hackers and that is what Cisco failed to secure, HACKERS! Back to the drawing board Cisco

To go directly to the source, click here.

Cisco is in a Pickle!

Cisco is in one hefty situation right now. The Free Softward Foundation (FSF) has sued Cisco for copyright infringment.

It says Cisco’s Linksys division uses GNU code and won’t honor the GPL2 and LGPL2 and 2.1 licenses that the GNU software’s distributed under and give customers the source code to the Cisco-modified embedded firmware that would of course let users in turn modify the software.

FSF wants the profits that Cisco’s made off of Linksys’ allegedly offending widgetry, damages on top of that doubtlessly tidy sum, and an injunction.

For the last five-and-a-half years, the companies have been back and forth about compliance until FSF finally threw up its hands in despair last Thursday that Cisco would ever oblige it and went to court.

According to Brett Smith, FSF’s licensing compliance engineer, “Five years later we still have not seen a plan for compliance.”

To read the rest of the article and see the outcome of the case, proceed to: http://soa.sys-con.com/node/778610