Educause Security Discussion mailing list archives
Re: Cisco IOS Vulnerability
From: Gary Golomb <coach () GWU EDU>
Date: Thu, 3 Nov 2005 08:54:10 -0500
Comments below...

>>All,
>>
>>My security engineer received the following Cisco IOS vulnerability
>>notification this afternoon.
>>
Yes. It's going to be a big one.
I usually don't reply, but... Even though the media is going to have a field day with this and call it the end of the Internet, let's not take part in starting fear and panic where there shouldn't be. And yes, all kinds of people are talking about how exploitable this is already... I bet there are already people crawling over each other to be the first to proclaim it "wormable."

But... There's a list of heap-based overflows for Cisco. Have any of them ever brought your networks down in the past? I'd go out on a limb here and guess probably not. There's a reason for that. Actually, there are a lot of reasons for it, and interestingly enough, most of them are technical reasons.

Long [technical && religious] story short, absolutely patch, but don't cry wolf. The "industry" has been doing a lot of that over the past few months (or longer?). I guess sales are slumping.