[59730] in North American Network Operators' Group
RE: possible exploit.. (Cisco Issue)
daemon@ATHENA.MIT.EDU (Barry Raveendran Greene)
Fri Jul 18 12:13:45 2003
Reply-To: <bgreene@cisco.com>
From: "Barry Raveendran Greene" <bgreene@cisco.com>
To: "'Gerald'" <gcoon@inch.com>, <nanog@merit.edu>
Date: Fri, 18 Jul 2003 09:13:07 -0700
In-Reply-To: <20030718114143.A37292@kod.inch.com>
Errors-To: owner-nanog-outgoing@merit.edu
The changes are all detailed at the bottom of the advisory.
> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf =
Of
> Gerald
> Sent: Friday, July 18, 2003 8:43 AM
> To: nanog@merit.edu
> Subject: Re: possible exploit.. (Cisco Issue)
>=20
>=20
> Wouldn't it be nice if they would CVS-web this thing so I can just see =
the
> lines that they have changed on each revision. :-)
>=20
> ...off to read 1.5
>=20
> G
>=20
> On Fri, 18 Jul 2003, NANOG wrote:
>=20
> >
> > It appears Cisco has seen the posting too. The Cisco PSIRT updated
> > their announcement to 1.4 at 5am this morning. The sentence in the
> > "Exploitation and Public Announcments" section is new and states =
that
> > they are aware that the exploitation "has been publised on a public
> > mailing list".
> > The link is the same, but the version number has changed:
> > http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
> >
> > Len Rose wrote:
> >
> > >It seems to work.
> > >
> > >On Fri, Jul 18, 2003 at 02:39:18AM -0400, Len Rose wrote:
> > >
> > >
> > >
> > >>This was posted a while ago.
> > >>
> > >>http://lists.netsys.com/pipermail/full-disclosure/2003-
> July/011421.html
> > >>http://lists.netsys.com/pipermail/full-disclosure/2003-
> July/011420.html
> > >>
> > >>I haven't had the chance to test it in a controlled environment =
yet.
> > >>
> > >>
> > >
> > >
> > >
> >
