Original URL: http://www.theregister.co.uk/2005/07/15/csa_security_glitch/
Cisco patches security software
Who guards the guards?
Posted in Enterprise Security, 15th July 2005 09:33 GMT
Cisco's security software is itself subject to a hazardous security bug. Certain versions of the network giant's desktop and server intrusion prevention client - Cisco Security Agent - are vulnerable to a denial of service attack. Cisco has issued a patch.
The vulnerability stems from an error in the software's packet handling, which makes it possible to crash vulnerable systems with a specially crafted IP packet. The bug affects CSA version 4.5 running on Windows systems (excluding Windows XP). It was discovered by Ben Collins of InfoSec Research Labs. More info on the glitch and links to the relevant hotfix can be found here (http://www.cisco.com/warp/public/707/cisco-sa-20050713-csa.shtml). ®
Related stories
Cisco fixes 'decoy attack' in security software (http://www.theregister.co.uk/2004/11/16/csa_flaw/)
Cisco source code theft part of 'mega-hack' (http://www.theregister.co.uk/2005/05/10/cisco_hack_investigation/)
Cisco beefs up IOS security (http://www.theregister.co.uk/2004/03/10/cisco_beefs_up_ios_security/)
Security products 'riddled' with bugs (http://www.theregister.co.uk/2005/06/20/yankee_security_product_risks/)
Cisco Security Agent laid bare (http://www.theregister.co.uk/2005/07/01/book_offer_cisco_guides/)
