[nsp] recent SNMP vulnerability vs 12.1(13)E14

Clayton Kossmeyer ckossmey at cisco.com
Fri Apr 23 16:21:02 EDT 2004


Just because that high port is there doesn't mean the box is
vulnerable.

The high port was added to support SNMP inform capability, and is not
present throughout all of IOS.

The advisory does not state that the presence of the high port
indicates that a release is vulnerable, only that if vulnerable you
can see the high port with "sh ip sockets".

I'll see about making that part more clear.

Believe what you will, but the Affected Products section is
correct. ;)

Regards,

Clay

On Fri, Apr 23, 2004 at 03:19:32PM -0400, lee.e.rian at census.gov wrote:
> 
> I wouldn't go solely on the 'all affected versions' either.  A 'sh ip sock'
> on a vulnerable router did have
>  17   --listen--          10.1.3.145        162   0   0   11   0
>  17   --listen--          10.1.3.145      58398   0   0   11   0
> like the advisory said it would.  I didn't see anything like that on
> routers running other IOS versions.
> 
> Regards,
> Lee
> 
> 
> 
> 
> Kinczli Zoltán <Zoltan.Kinczli at Synergon.hu>
> Sent by: cisco-nsp-bounces at puck.nether.net
> 04/23/2004 02:48 PM
>
> To: "Pete Kruckenberg" <pete at kruckenberg.com>, "Jay Young" <jay at net.ohio-state.edu>
> cc: cisco-nsp at puck.nether.net
> Subject: RE: [nsp] recent SNMP vulnerability vs 12.1(13)E14
> 
> 
> 
> 
> hello,
> 
>   I'd not trust the 'all affected version' solely.
> Sometimes it contains obviously contradicting data.
> 
>   I'd not leave my border router alone out there in the dark,
> just based on the 'all affected version' info...
> 
> rgds
>  --zoltan
> 
> -----Original Message-----
> From: Pete Kruckenberg [mailto:pete at kruckenberg.com]
> Sent: Friday, April 23, 2004 8:15 PM
> To: Jay Young
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [nsp] recent SNMP vulnerability vs 12.1(13)E14
> 
> 
> It's well worth your while to look up Cisco Bug IDs
> CSCed27956 and CSCed38527 (registered customers only). Look
> at the "First Found in Version" section and click on the
> "All Affected Versions".
> 
> The list is long, about 1600 versions or so, but it might
> save you the trouble of upgrading if your specific IOS
> version isn't vulnerable.
> 
> Pete.
> 
> On Fri, 23 Apr 2004, Jay Young wrote:
> 
> > Date: Fri, 23 Apr 2004 09:45:42 -0400
> > From: Jay Young <jay at net.ohio-state.edu>
> > To: cisco-nsp at puck.nether.net
> > Subject: Re: [nsp] recent SNMP vulnerability  vs 12.1(13)E14
> >
> > Along a similar line, what about 12.2.18S3? The advisory says that 12.2S
> > is vulnerable and the fix is 12.2.20S2 or 12.2.22S, neither of which is
> > available for a 7200.
> >
> > Thanks,
> > Jay
> >
> >
> > Kinczli Zoltán wrote:
> > > hello,
> > >
> > >   Is 12.1(13)E14 affected by the latest SNMP vulnerability?
> >
> >
> >
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
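
Added example, not part of the original thread or of Cisco's advisory: a small triage script for pasted "sh ip sockets" output that lists UDP listeners and treats a high port only as a hint, as the reply above explains, so the release check is always the deciding step. The row layout is taken from the two lines quoted in the thread; `HIGH_PORT_MIN` and the function names are assumptions made for this example.

```python
import re

# Listening-socket rows as quoted in the thread: proto, "--listen--",
# local address, local port. Other row shapes are ignored.
LISTEN_ROW = re.compile(r"^\s*(\d+)\s+--listen--\s+(\S+)\s+(\d+)\b")
UDP = 17                 # IP protocol number shown in the first column
SNMP_PORTS = {161, 162}  # SNMP agent and trap/inform ports
HIGH_PORT_MIN = 1024     # assumption: "high port" = above the well-known range

# Constructed sample: the first two rows are the ones quoted in the thread,
# the last two are made up for contrast.
SAMPLE = """\
 17   --listen--          10.1.3.145        162   0   0   11   0
 17   --listen--          10.1.3.145      58398   0   0   11   0
 17   --listen--          10.1.3.145        161   0   0    1   0
 17   10.1.3.9      514   10.1.3.145      51000   0   0    0   0
"""

def udp_listeners(output):
    """Return (local_address, port) for every UDP --listen-- row."""
    found = []
    for line in output.splitlines():
        m = LISTEN_ROW.match(line)
        if m and int(m.group(1)) == UDP:
            found.append((m.group(2), int(m.group(3))))
    return found

def triage(output):
    """Summarise listeners; never report 'vulnerable' from ports alone."""
    ports = sorted({port for _, port in udp_listeners(output)})
    high = [p for p in ports if p >= HIGH_PORT_MIN and p not in SNMP_PORTS]
    return {
        "snmp_ports": [p for p in ports if p in SNMP_PORTS],
        "high_ports": high,
        # Per the reply above, the high port supports SNMP informs and its
        # presence alone does not mean the release is vulnerable.
        "hint": "high UDP listener present" if high else "no high UDP listener",
        "next_step": "check release against the advisory's Affected Products",
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```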

