Re: Cisco IOS Vulnerablity

[Gary Golomb <coach () GWU EDU>]

Comments below...

>>
>>All,
>>
>>My security engineer received the following Cisco IOS vulnerability
>>notification this afternoon.
>>

>    Yes. It's going to be a big one.

I usually don't reply, but...

Even though the media is going to have a field day with this and call it
the end of the Internet, let's not take part in starting fear and panic
where there shouldn't be. And yes, all kinds of people are talking about
how exploitable this is already... I bet there's already people crawling
over each other to be the first to proclaim it "wormable."

But....

There's a list of heap-based overflows for Cisco. Have any of them ever
brought your networks down in the past? I'd go out on a limb here and
guess probably not. There's a reason for that. Actually, there's a lot
of reasons for it, and interestingly enough, most of them are technical
reasons.

Long [technical && religious] story short, absolutely patch, but don't
cry wolf.  The "industry" has been doing a lot of that over the past few
months (or longer?). I guess sales are slumping.