|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Cisco IOS Vulnerability
On Thu, 17 Jul 2003 01:05:46 CDT, Darrell Kristof <[email protected]> said: > If Cisco made THIS big a deal of this to not release info to the public, > I wouldn't wait. There must be a reason. I had to push and push to get > any info and I think they finally gave up because too many people knew. > http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml which says... "Customers with contracts should obtain upgraded software free of charge through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on the Cisco worldwide website at http://www.cisco.com/tacpage/sw-center/sw-ios.html."; I may have been a few off, but I counted *139* different trains on that page as being affected. The 12.0S train alone has *13* different rebuilds. And there's *gotta* be at least 3-4 trains that suffer from bad karma and refuse to rebuild unless the Rebuild Wizard comes by and sprinkles Magic Rebuild Dust all over the place, and then there's the special procedure put in place after last year's debacle when the Magic Rebuild Dust got on that llama... ;) In other words - yeah, it's probably important to get this update deployed. But unless somebody has hard evidence to the contrary, I'm betting on it just being an attempt to not let things leak out till they're ready to ship across the board. That's a LOT of trains and rebuilds that all need to be ready at the same time, and Fred Brooks taught us all 30 years ago what happens when you try something like that. :) Attachment:
pgp00005.pgp
|