[nsp] IOS 12.2S - 1st announcement?
Christopher McCrory
chrismcc at pricegrabber.com
Mon Feb 3 09:23:35 EST 2003
Hello...
On Mon, 2003-02-03 at 08:42, Thomas Kernen wrote:
> FYI I came across this URL today related to the IOS 12.2S Product bulletin.
> http://www.cisco.com/cpropart/salestools/cc/pd/iosw/prodlit/2044_pp.htm
>
Does anyone know is this includes a fix for the "SSH Malformed Packet
Vulnerabilities" bug?
...dig...dig...dig
No ;(
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122relnt/122srn.htm#1008800
Open Caveats—Cisco IOS Release 12.2(14)S
CSCdz60229
Cisco devices that run Cisco IOS software and contain support for the
Secure Shell (SSH) server are vulnerable to a Denial of Service (DoS) if
the SSH server is enabled on the device. A malformed SSH packet directed
at the affected device may cause the device to reload. No authentication
is necessary for the packet to be received by the affected device. The
SSH server in the Cisco IOS software is disabled by default.
Cisco will be making free software available to correct the problem as
soon as possible.
Lots of other cool stuff though
> Thomas
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
--
Christopher McCrory
"The guy that keeps the servers running"
chrismcc at pricegrabber.com
http://www.pricegrabber.com
Let's face it, there's no Hollow Earth, no robots, and
no 'mute rays.' And even if there were, waxed paper is
no defense. I tried it. Only tinfoil works.
More information about the cisco-nsp
mailing list