[82700] in North American Network Operators' Group
Re: Cisco IOS Exploit Cover Up
daemon@ATHENA.MIT.EDU (Florian Weimer)
Thu Jul 28 09:11:13 2005
From: Florian Weimer <fw@deneb.enyo.de>
To: "Neil J. McRae" <neil@DOMINO.ORG>
Cc: "'Dan Hollis'" <goemon@anime.net>,
"'Fergie (Paul Ferguson)'" <fergdawg@netzero.net>,
<hannigan@verisign.com>, <nanog@merit.edu>
Date: Thu, 28 Jul 2005 14:26:23 +0200
In-Reply-To: <20050728072919.653E739946@equinox.DOMINO.ORG> (Neil J. McRae's
message of "Thu, 28 Jul 2005 08:29:22 +0100")
Errors-To: owner-nanog@merit.edu
* Neil J. McRae:
> I couldn't disagree more. Cisco are trying to control the
> situation as best they can so that they can deploy the needed
> fixes before the $scriptkiddies start having their fun. Its
> no different to how any other vendor handles a exploit and
> I'm surprised to see network operators having such an attitude.
Cisco is different in at least one regard: they only list confirmed
impact, not potential impact. Thus many bugs get labeled as DoS
issues, which other vendors would have described as a vulnerability
which potentially enables remote code injection exploits.
