Cisco IOS Exploit Cover Up

Florian Weimer fw at deneb.enyo.de
Thu Jul 28 12:26:23 UTC 2005


* Neil J. McRae:

> I couldn't disagree more. Cisco are trying to control the
> situation as best they can so that they can deploy the needed
> fixes before the $scriptkiddies start having their fun. Its
> no different to how any other vendor handles a exploit and
> I'm surprised to see network operators having such an attitude.

Cisco is different in at least one regard: they only list confirmed
impact, not potential impact.  Thus many bugs get labeled as DoS
issues, which other vendors would have described as a vulnerability
which potentially enables remote code injection exploits.



More information about the NANOG mailing list