North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Cisco Vulnerability Testing Results

  • From: Jim Duncan
  • Date: Sat Jul 19 02:31:37 2003

Jason Frisvold writes:
> Just for fun we hit an old AGS+ router with 10.2(4) code on it.. 
> Apparently older code is vulnerable too..

You are correct.  The vulnerability was introduced back in 1994 in a
patch that was integrated into 10.0(6.1) and 10.2(1.6).  The vuln is
present in any release that follows in those same trains, such as
10.2(4) as you confirmed above, as well as in all of 10.3.

All other prior versions of IOS do not contain the software that
introduced the vulnerability and are probably not vulnerable, but I will
not be able to confirm that by testing it.

> So..  everyone running AGS+'s in the core, beware.. *grin*

The workarounds should apply, but not much else. ;-)

	Jim



==
Jim Duncan, Critical Infrastructure Assurance Group, Cisco Systems, Inc.
[email protected], +1 919 392 6209, http://www.cisco.com/go/ciag/.
PGP: DSS 4096/1024 E09E EA55 DA28 1399 75EB D6A2 7092 9A9C 6DC3 1821