nanog mailing list archives

Re: Cisco IOS Exploit Cover Up

From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 28 Jul 2005 14:26:23 +0200


* Neil J. McRae:

I couldn't disagree more. Cisco are trying to control the
situation as best they can so that they can deploy the needed
fixes before the $scriptkiddies start having their fun. Its
no different to how any other vendor handles a exploit and
I'm surprised to see network operators having such an attitude.


Cisco is different in at least one regard: they only list confirmed
impact, not potential impact.  Thus many bugs get labeled as DoS
issues, which other vendors would have described as a vulnerability
which potentially enables remote code injection exploits.

Current thread:

Cisco IOS Exploit Cover Up James Baldwin (Jul 27)
- Re: Cisco IOS Exploit Cover Up James Baldwin (Jul 27)
- <Possible follow-ups>
- RE: Cisco IOS Exploit Cover Up Hannigan, Martin (Jul 27)
- RE: Cisco IOS Exploit Cover Up Fergie (Paul Ferguson) (Jul 27)
  - Re: Cisco IOS Exploit Cover Up Andre Ludwig (Jul 27)
  - RE: Cisco IOS Exploit Cover Up Dan Hollis (Jul 27)
    - RE: Cisco IOS Exploit Cover Up Neil J. McRae (Jul 28)
    - Re: Cisco IOS Exploit Cover Up Florian Weimer (Jul 28)
    - Re: Cisco IOS Exploit Cover Up Leo Bicknell (Jul 28)
    - Re: Cisco IOS Exploit Cover Up Christopher L. Morrow (Jul 28)
    - Re: Cisco IOS Exploit Cover Up James Baldwin (Jul 28)
    - Re: Cisco IOS Exploit Cover Up Eric Rescorla (Jul 28)
    - Re: Cisco IOS Exploit Cover Up Brett Frankenberger (Jul 28)
    - Re: Cisco IOS Exploit Cover Up Florian Weimer (Jul 28)
    - RE: Cisco IOS Exploit Cover Up Scott Morris (Jul 28)
    - Re: Cisco IOS Exploit Cover Up Leo Bicknell (Jul 28)
    - Re: Cisco IOS Exploit Cover Up Jason Frisvold (Jul 28)
    - Re: Cisco IOS Exploit Cover Up James Baldwin (Jul 28)

(Thread continues...)