Cisco Vulnerability Testing Results

Jim_Duncan1 · July 19, 2003, 6:29am

Jason Frisvold writes:

Just for fun we hit an old AGS+ router with 10.2(4) code on it..
Apparently older code is vulnerable too..

You are correct. The vulnerability was introduced back in 1994 in a
patch that was integrated into 10.0(6.1) and 10.2(1.6). The vuln is
present in any release that follows in those same trains, such as
10.2(4) as you confirmed above, as well as in all of 10.3.

All other prior versions of IOS do not contain the software that
introduced the vulnerability and are probably not vulnerable, but I will
not be able to confirm that by testing it.

So.. everyone running AGS+'s in the core, beware.. *grin*

The workarounds should apply, but not much else.

Jim

Alex_Yuriev2 · July 19, 2003, 2:10pm

All other prior versions of IOS do not contain the software that
introduced the vulnerability and are probably not vulnerable, but I will
not be able to confirm that by testing it.

> So.. everyone running AGS+'s in the core, beware.. *grin*

The workarounds should apply, but not much else.

"We are C. We never have a fix. We have a patch... after patch.... after
patch... after patch... after patch... and at some point there is no more
patches, but there is no fix either"

I have this brilliantly simple idea that somehow everyone forgets, while
they tout all the new "advanced stuff". Do not introduce yet another name
for filtering that works only in some cases. Fix the filtering code so we
can filter *anything* at *any packet rate* on *any interface* that pass *any
traffic* without bringing the router to its knees.

Alex

Richard_Irving1 · July 19, 2003, 2:34pm

alex@yuriev.com wrote:

I have this brilliantly simple idea that somehow everyone forgets, while
they tout all the new "advanced stuff". Do not introduce yet another name
for filtering that works only in some cases. Fix the filtering code so we
can filter *anything* at *any packet rate* on *any interface* that pass *any
traffic* without bringing the router to its knees.

Already done, however, the only prototype source code is still
in test mode, in the same facility as the WMD, in Iraq....

David Kelly has been dispatched by Tony Blair,

It -=should=- be here any minute now...

:\

Peter_Galbavy1 · July 19, 2003, 5:08pm

Richard Irving wrote:

David Kelly has been dispatched by Tony Blair,

s/disp/desp/

You don't know quite how rife that rumour is over here at the moment.

Petre