[nsp] Cisco Security Notice: Data Leak in UDP Echo Service

Nicholas Ianelli xtreme at erie.net
Fri Aug 1 12:32:39 EDT 2003

I received the alert around 11pm last night. It did not appear to come
through the normal channels (cust-security-announce at cisco.com and psirt). 

There have been a couple that slipped through the cracks, specifically:


Here is the reasoning behind the limited notifications (quoted from Cisco's

"Various security discussion groups encourage vulnerability disclosure,
sometimes with little or no vendor notification. This index lists those
notes pertaining to Cisco products and the official Cisco responses, and may
contain links to non-Cisco archives or sites. In many cases the issues
listed do not warrant a full security advisory, but do generate concern.
They are listed here for reference and to make it easy to find the official
Cisco response."

They are considered Security Notices, not Security Advisories. Which may be
the reasoning for the lack of wide spread email notification.


_ Nick

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Len Rose
Sent: Friday, August 01, 2003 5:20 AM
To: cisco-nsp at puck.nether.net
Subject: [nsp] Cisco Security Notice: Data Leak in UDP Echo Service

Did anyone else get that notice yesterday? I was wondering
why it wasn't posted to any security lists, nor did it list
a specific url of the alert on CIO.

(for reference to save bandwidth et al, see
 if you're interested)

cisco-nsp mailing list  cisco-nsp at puck.nether.net
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list