[nsp] RE: Cisco IOS Vulnerability
Tomas Daniska
tomas at tronet.com
Thu Jul 17 10:16:47 EDT 2003
from what i've heard, they know (internally) about the vuln for quite a time - i don't recall exactly but it recall it was expressed in months... so they _had_ enough time for rebuilds
the other side of the coin is that they had to schedule it precisely so the folks @tac would stand expected caseload peaks
that's reasonable, imho
--
deejay
> -----Original Message-----
> From: Valdis.Kletnieks at vt.edu [mailto:Valdis.Kletnieks at vt.edu]
> Sent: 17. júla 2003 9:08
> To: Darrell Kristof
> Cc: nanog at merit.edu
> Subject: Re: Cisco IOS Vulnerability
>
>
> On Thu, 17 Jul 2003 01:05:46 CDT, Darrell Kristof
> <darrell.kristof at wholefoods.com> said:
> > If Cisco made THIS big a deal of this to not release info
> to the public,
> > I wouldn't wait. There must be a reason. I had to push and
> push to get
> > any info and I think they finally gave up because too many
> people knew.
>
> > http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
>
> which says...
>
> "Customers with contracts should obtain upgraded software
> free of charge through
> their regular update channels. For most customers, this means
> that upgrades
> should be obtained through the Software Center on the Cisco
> worldwide website
> at http://www.cisco.com/tacpage/sw-center/sw-ios.html."
>
> I may have been a few off, but I counted *139* different
> trains on that page as
> being affected. The 12.0S train alone has *13* different rebuilds.
>
> And there's *gotta* be at least 3-4 trains that suffer from
> bad karma and refuse
> to rebuild unless the Rebuild Wizard comes by and sprinkles
> Magic Rebuild Dust
> all over the place, and then there's the special procedure
> put in place after last
> year's debacle when the Magic Rebuild Dust got on that llama... ;)
>
> In other words - yeah, it's probably important to get this
> update deployed. But
> unless somebody has hard evidence to the contrary, I'm
> betting on it just being
> an attempt to not let things leak out till they're ready to
> ship across the
> board. That's a LOT of trains and rebuilds that all need to
> be ready at the
> same time, and Fred Brooks taught us all 30 years ago what
> happens when you try
> something like that. :)
>
>
>
>
More information about the cisco-nsp
mailing list