Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

CBOS v2.4.3

From: terry white <twhite () aniota com>
Date: Sat, 25 Aug 2001 07:53:34 -0700 (PDT)
... ciao:
  
    04/Aug/2001 @ 03:44:21 i saw my first "GET /default.ida?XXXXXXXX".
being a 'quest' dsl customer with a 675, i had a problem.  i recall
having mentioned this, and when i came across a 'solution' made note of
that also.  someone else made mention of changing the ip toward which the
web interface looked.  the 675 is running CBOS v.2.2.0.
  
    yesterday, cisco's announcement of their 'fixed' 2.4.3 CBOS was
forwarded on one of the lists.  following the instructions therein, i
contacted the listed email contact.  i was instructed to read the
document i'd just read for instructions.  this prompted my inquiry about
what i'd missed in that reading, to which i was offered the graph about
contacting the 'third' party.  it was clear to me, this was circular in
nature, so i called 'quest'.
  
    the latest version CBOS 'quest' had was 2.2.0.  however, on monday
quest is mounting a wholesale 'user upgrade effort' to include the latest
2.4.3 version.  as i run linux, support is clearly out of the question,
but in my instance, not an issue.  i do have to add, that 'quest' as been
far more responsible than cisco in dealing with the CR-II problem given
their respective posiions in the situation.
  
    this problem is CLEARLY a cisco fiasco.  they designed a web
interface, that when disabled, is port sensitive.  what is 'wrong' with
this picture, well, in the best of all worlds, port consideration would
be a 'moot' point for a 'disabled interface'.  to my mind, this issue
transcends cisco's demand that third party vendors, where they exits,
'handle' it.
  
    bottom line:  there a multitude of cisco product users, that cisco
has NO interest in helping solve a problem, 'cisco' created ...
  
  
-- 
... i'm a man , and i can change ,
    if i really have to , i guess ...



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: