[19016] in bugtraq
Re: Cisco Security Advisory: Cisco Content Services Switch Vulner
daemon@ATHENA.MIT.EDU (Weld Pond)
Mon Feb 5 19:23:46 2001
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Message-ID: <C5119AD12E92D311928E009027DE4CCAAB1838@boddington.atstake.com>
Date: Mon, 5 Feb 2001 15:21:26 -0500
Reply-To: Weld Pond <weld@ATSTAKE.COM>
From: Weld Pond <weld@ATSTAKE.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Cisco Systems Product Security Incident Response Team <psirt@CISCO.COM>
writes:
>Exploitation and Public Announcements
> ------------------------------------
>
>The Cisco PSIRT is not aware of any public announcements or malicious use
>of the vulnerabilities described in this advisory. These vulnerabilities
>were discovered by a Security Consulting firm during a customer security
>audit.
Contrary to the above statement there is at least one other public
announcement on this issue. @stake has published an advisory with the
details
of our Arrowpoint research at:
http://www.atstake.com/research/advisories/2001/index.html#013101-1
Cisco was very responsive on this issue, even making an Arrowpoint device
available for us to continue our testing.
-weld
