Re: Cisco 678 exploit

[Joe <joe () blarg net>]

On Thu, 12 Oct 2000, Damir Rajnovic wrote:

> Hello George,
>
> At 21:55 11/10/2000 -0400, George wrote:
> > Is there anyone on this list who could help me track this down further? It
> > seems to me that if this is in fact affecting the router and not machine2
> > that this would be a very simple way for one person inside a company to
> > knock out the internet connection so I think it could classify as an
> > exploit.
>
> We are on the list and we can help you. Even more, we can fix
> that for you, if it proves to be a problem.
>
> As usual, we like when people reports such things so that we can
> fix them. The best of all we like when people send a mail to us
> first so that we do not have to rush things (yada, yada, yada -
> insert standard vendor's complains here).

That's why this is called "vulnerability development" instead of
"vulnerability disclosure". George was asking for assistance in determining
if this even -was- a problem, which is what this list is all about.

And next time you want to complain about "vendor notification", go take a
look at the Cisco 675 vulnerability I sent you in JANUARY that you guys still
haven't fixed. Subject was 'Cisco 675 CISCO_WEB DoS Attack', sent to
security-alert () cisco com on January 10th, 2000.

--
Joe                                     Technical Support
General Support:  support () blarg net     Blarg! Online Services, Inc.
Voice:  425/401-9821 or 888/66-BLARG    http://www.blarg.net