Cisco IOS Vulnerability
Darrell Kristof
darrell.kristof at wholefoods.com
Thu Jul 17 06:05:46 UTC 2003
If Cisco made THIS big a deal of this to not release info to the public,
I wouldn't wait. There must be a reason. I had to push and push to get
any info and I think they finally gave up because too many people knew.
If you notice
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
For Public Release 2003 July 17 at 0:00 UTC (GMT)
But at the bottom is says:
Distribution
This notice will be posted on the Cisco worldwide website at
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml at
21:00 GMT on July 17th, 2003.
Hmmm... I think that means 4PM CT TOMORROW! From what I understand they
didn't want this to be public until tomorrow afternoon.
- D
-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
Mikael Abrahamsson
Sent: Thursday, July 17, 2003 12:48 AM
To: nanog at merit.edu
Subject: RE: Cisco IOS Vulnerability
On Wed, 16 Jul 2003, Darrell Kristof wrote:
>
> Cisco Security Advisory: Cisco IOS Interface Blocked by IPv4 Packet
> http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
IS anyone seeing this exploited in the wild? It'd be good to know if we
need to do panic upgrade or can schedule it for our next maintenance
window (which is during the weekend).
--
Mikael Abrahamsson email: swmike at swm.pp.se
More information about the NANOG
mailing list