Bugtraq mailing list archives
Re: Cisco HTTP possible bug:
From: jnduncan () CISCO COM (Jim Duncan)
Date: Fri, 28 Apr 2000 17:42:34 -0400
aleph1 () securityfocus com writes:
Summary of responces in this thread: Model IOS version Confirmed ----- ----------- ---------- C2924XL - No C2900X 11.2(8)SA1 No 7206 12.1(1a)T1 No 7206 12.0(9)S Yes 5300 12.1(1.3)T No 4000 11.0 No 3640 12.0(7)T Yes 2621 12.0(5)T1 Yes 2514 11.2(17) Yes 2501 12.0-4.T Yes 2501 12.0(8) Yes
Thanks. This is helpful. If it's not too much trouble, it would be particularly useful if we knew the image names for each test, e.g., c7200-inu-mz.111-24, since that tells us a lot more about the content of the image and the platforms it runs on. The image name is available in the output of a "show ver" in enable mode, and it would mean adding an extra column to your table. For example, I'm very curious about the 7206 running 12.0(9)S and the 5300 running 12.1(1.3)T. From inspecting the code, I believe they should be vulnerable, *if* they're running the affected image. But I can't tell that for certain without the image name. Thanks again. Jim -- Jim Duncan, Product Security Incident Manager, Cisco Systems, Inc. <http://www.cisco.com/warp/public/707/sec_incident_response.shtml> E-mail: <jnduncan () cisco com> Phone(Direct/FAX): +1 919 392 6209
Current thread:
- Re: Cisco HTTP possible bug: Jim Duncan (Apr 27)
- <Possible follow-ups>
- Re: Cisco HTTP possible bug: Elias Levy (Apr 28)
- Re: Cisco HTTP possible bug: Jim Duncan (Apr 28)