Bugtraq mailing list archives
Re: Cisco Security Advisory: Multiple Vulnerabilities in CBOS
From: Dave Booth <dbooth () CARLSON COM>
Date: Thu, 7 Dec 2000 10:56:33 -0600
Cisco Systems Product Security Incident Response Team wrote: <SNIP>
The following releases of CBOS are vulnerable to all defects: 2.0.1, 2.1.0, 2.1.0a, 2.2.0, 2.2.1, 2.2.1a, 2.3, 2.3.2, 2.3.5, 2.3.7 and 2.3.8. These defects will be fixed in the following CBOS releases: 2.3.5.015, 2.3.7.002, 2.3.9 and 2.4.1. Customers are urged to upgrade to releases that are not vulnerable to this defect as shown in detail in the section Software Versions and Fixes below.
<SNIP> QWest DSL customers should be aware that QWest do not support the fixed CBOS versions. (confirmed 30 seconds ago by a call to the QWest tech-support line) Therefore the sizable QWest dsl customer base is likely to remain vulnerable. QWest only support 2.2.0 and my ISP (not QWest!) has confirmed that they have encountered several issues relating to higher versions of CBOS on a 675 that connects through a QWest DSLAM. I've already complained about this state of affairs and suggest you do likewise if you too are stuck with the choice between leaving vulnerabilities unpatched or installing an unsupported CBOS version. -- Dave Booth, CWT-IT dbooth () carlson com +---------------------------------------------------+ | Catapultam habeo. Nisi pecuniam omnem mihi dabis, | | ad caput tuum saxum immane mittam. | +---------------------------------------------------+
Current thread:
- Cisco Security Advisory: Multiple Vulnerabilities in CBOS Cisco Systems Product Security Incident Response Team (Dec 06)
- <Possible follow-ups>
- Re: Cisco Security Advisory: Multiple Vulnerabilities in CBOS Dave Booth (Dec 08)
- Re: Cisco Security Advisory: Multiple Vulnerabilities in CBOS Gary Barnett (Dec 11)