[nsp] Cisco Security Notice: Data Leak in UDP Echo Service

[Nicholas Ianelli]

I received the alert around 11pm last night. It did not appear to come
through the normal channels (cust-security-announce at cisco.com and psirt). 

There have been a couple that slipped through the cracks, specifically:

http://www.cisco.com/warp/public/707/cisco-sn-20030730-ios-2gb-get.shtml
http://www.cisco.com/warp/public/707/cisco-sn-20030724-ios-enum.shtml
http://www.cisco.com/warp/public/707/cisco-sn-20030731-ios-udp-echo.shtml

Here is the reasoning behind the limited notifications (quoted from Cisco's
site):

"Various security discussion groups encourage vulnerability disclosure,
sometimes with little or no vendor notification. This index lists those
notes pertaining to Cisco products and the official Cisco responses, and may
contain links to non-Cisco archives or sites. In many cases the issues
listed do not warrant a full security advisory, but do generate concern.
They are listed here for reference and to make it easy to find the official
Cisco response."

They are considered Security Notices, not Security Advisories. Which may be
the reasoning for the lack of wide spread email notification.

http://www.cisco.com/warp/public/707/advisory.html#notices

_ Nick

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Len Rose
Sent: Friday, August 01, 2003 5:20 AM
To: cisco-nsp at puck.nether.net
Subject: [nsp] Cisco Security Notice: Data Leak in UDP Echo Service


Did anyone else get that notice yesterday? I was wondering
why it wasn't posted to any security lists, nor did it list
a specific url of the alert on CIO.

(for reference to save bandwidth et al, see
 http://www.netsys.com/library/alerts/cisco/cisco-data-leak-2003-07-31.txt
 if you're interested)

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/