Cisco, Symantec, Apache Tackle Y2K10 Glitches

No, it's not Y2K, but vendors have had to contend with a few small problems stemming from the new year.

Remember the Y2K bug? Ten years after the original scare leading up to the year 2000, IT systems are once again facing problems due to the changing of the calendar year.

Now, the issues are stemming from the rollover to 2010 -- or Y2K10, as it's being termed. There are reports out of Germany that millions faced problems with credit and debit card access due to Y2K10 bugs.

It's not just consumer-facing technology that has had difficulties. On the enterprise IT side, network and security software has been hit with some Y2K10-related issues as well. Fortunately, several IT vendors are already springing into action to address glitches in their products caused by the new calendar year. Among them is networking giant Cisco (NASDAQ: CSCO).

"Cisco is aware of and has resolved a cookie expiration issue which could potentially affect some Cisco Content Switching Module (CSM) customers," Cisco said in an e-mail to InternetNews.com. CSM provides additional content-switching capabilities to the Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Router.

The company said it's fixed the problem in the latest release of CSM.

"In addition to CSM Release 4.2.(13) that fully addresses the issue, an easy-to-deploy, one-line workaround has been available for some time," Cisco said. The workaround involves simply changing the COOKIE_INSERT_EXPIRATION_DATE environment variable on the CSM.

The problem stemmed from the fact that CSM, which first shipped in April 2001, originally included a default cookie insert expiration date of January 2010, according to Cisco.

ISC SANS security researcher Toby Kohlenberg wrote in a blog post that the problem led to "apps ... being continuously rebalanced instead of getting a persistent connection."

Other vendors facing Y2K10 issues include Symantec, with its Endpoint Protection Manger product.

"An issue has been identified in the Symantec Endpoint Protection Manager (SEPM) server whereby all types of SEP definition content ... with a date greater than December 31, 2009 11:59 pm are considered to be 'out of date,'" Symantec employee Paul Murgatroyd wrote in a blog post.

As a workaround, Symantec is providing users with definitions that have increasing revision numbers, but still have the Dec. 31, 2009 date on them. According to Symantec's blog post on the issue, the most up-to-date definition set -- as of press time -- is dated Dec. 31, 2009 rev 118, and includes updates through Jan. 6, 2010.

Another application that has faced some Y2K10 issues is the open source Apache SpamAssassin spam-filtering tool that is deployed on servers.

"Versions of the FH_DATE_PAST_20XX ... rule released with versions of Apache SpamAssassin 3.2.0 thru 3.2.5 will trigger on most mail with a Date header that includes the year 2010 or later," Daryl C. W. O'Shea, vice president of SpamAssassin at Apache, wrote in a mailing list posting. "The rule will add a score of up to 3.6 towards the spam classification of all e-mail."

That issue means that unpatched SpamAssassin users would get much of their inbound 2010 e-mail incorrectly labeled as spam.

SpamAssassin has provided an updated and workaround that corrects the issue.

Article courtesy of InternetNews.com.






0 Comments (click to add your comment)
Comment and Contribute

 


(Maximum characters: 1200). You have characters left.