nanog mailing list archives
Re: Cisco Vulnerability Testing Results
From: Jim Duncan <jnduncan () cisco com>
Date: Sat, 19 Jul 2003 02:29:44 -0400
Jason Frisvold writes:
Just for fun we hit an old AGS+ router with 10.2(4) code on it.. Apparently older code is vulnerable too..
You are correct. The vulnerability was introduced back in 1994 in a patch that was integrated into 10.0(6.1) and 10.2(1.6). The vuln is present in any release that follows in those same trains, such as 10.2(4) as you confirmed above, as well as in all of 10.3. All other prior versions of IOS do not contain the software that introduced the vulnerability and are probably not vulnerable, but I will not be able to confirm that by testing it.
So.. everyone running AGS+'s in the core, beware.. *grin*
The workarounds should apply, but not much else. ;-) Jim == Jim Duncan, Critical Infrastructure Assurance Group, Cisco Systems, Inc. jnduncan () cisco com, +1 919 392 6209, http://www.cisco.com/go/ciag/. PGP: DSS 4096/1024 E09E EA55 DA28 1399 75EB D6A2 7092 9A9C 6DC3 1821
Current thread:
- Cisco Vulnerability Testing Results Jason Frisvold (Jul 18)
- Re: Cisco Vulnerability Testing Results Jason Frisvold (Jul 18)
- Re: Cisco Vulnerability Testing Results Jason Frisvold (Jul 18)
- Re: Cisco Vulnerability Testing Results Jason Frisvold (Jul 18)
- Re: Cisco Vulnerability Testing Results Jim Duncan (Jul 18)
- Re: Cisco Vulnerability Testing Results alex (Jul 19)
- Re: Cisco Vulnerability Testing Results Richard Irving (Jul 19)
- Re: Cisco Vulnerability Testing Results Peter Galbavy (Jul 19)
- Re: Cisco Vulnerability Testing Results Jason Frisvold (Jul 18)
- <Possible follow-ups>
- Re: Cisco Vulnerability Testing Results Neil J. McRae (Jul 22)
- Re: Cisco Vulnerability Testing Results Peter Galbavy (Jul 22)
- RE: Cisco Vulnerability Testing Results Bob German (Jul 22)
- Re: Cisco Vulnerability Testing Results Peter Galbavy (Jul 22)