Cisco IOS Exploit Cover Up
Florian Weimer
fw at deneb.enyo.de
Thu Jul 28 12:26:23 UTC 2005
* Neil J. McRae:
> I couldn't disagree more. Cisco are trying to control the
> situation as best they can so that they can deploy the needed
> fixes before the $scriptkiddies start having their fun. Its
> no different to how any other vendor handles a exploit and
> I'm surprised to see network operators having such an attitude.
Cisco is different in at least one regard: they only list confirmed
impact, not potential impact. Thus many bugs get labeled as DoS
issues, which other vendors would have described as a vulnerability
which potentially enables remote code injection exploits.
More information about the NANOG
mailing list