Full Disclosure mailing list archives
Re: [c-nsp] Cisco Security Advisory: Crafted IP Option Vulnerability
From: Wendy Garvin <wgarvin () cisco com>
Date: Fri, 26 Jan 2007 09:42:06 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 As stated in all three advisories, the IP Options vulnerability affects IOS and IOS-XR only, and the TCP and IPv6 advisories affect only IOS. Pix and CatOS and all other Cisco OSs are not affected. Thanks, - -Wendy
Justin Shore <justin.shore () sktbcs com> [2007-01-25 20:50] wrote: Now that you mention it, I did have a Pix running 7.1.2 mysteriously reboot twice today. What are the odds that this vulnerability affects more than just IOS 9-12? Justin -----Original Message----- From: cisco-nsp-bounces () puck nether net [mailto:cisco-nsp-bounces () puck nether net] On Behalf Of Andre Gironda So it's too late. Don't bother upgrading now; you're already owned. Unless they are blocking it at the ISP borders in the same way they blocked out the Cisco IPv4 Crafted DoS vulnerability in 2003. ISP's probably got the patch (or at least Cisco's ISP's did) a week ago. Had rolling reboots lately? Don't know why? Lots of "miscellaneous" ISP maintenace. I wonder... _______________________________________________ cisco-nsp mailing list cisco-nsp () puck nether net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ [ ----- End of Included Message ----- ]
- -- Wendy Garvin - Cisco PSIRT - 408 525-1888 CCIE# 6526 - ---------------------------------------------------- http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (SunOS) iD8DBQFFuj1Lz/q+G4BEr20RAhlVAJ9ivAMxcWekFLU6wfvlYLa+ATERPwCfdZDR KmNkM8dbjc+Hftrrn9nuTJo= =gqJU -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: [c-nsp] Cisco Security Advisory: Crafted IP Option Vulnerability Justin Shore (Jan 26)
- Re: [c-nsp] Cisco Security Advisory: Crafted IP Option Vulnerability Wendy Garvin (Jan 26)