[nsp] recent SNMP vulnerability vs 12.1(13)E14
Martin Winter
mwinter at noaccess.com
Fri Apr 23 05:35:04 EDT 2004
On Fri, 23 Apr 2004, [ISO-8859-1] Kinczli Zoltán wrote:
> hello,
>
> Is 12.1(13)E14 affected by the latest SNMP vulnerability?
No.
> The picture is not clear for me, since the vulnerable code was
> introduced by CSCeb22276 fix. CSCeb22276 is first integrated
> into the 12.1E train in the interim maintenance release of 12.1(19.4)E
Correct.
> Having said that, it's strange that the
> http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml
> announcement says that 12.1(20)E3 and 12.1(22)E1 are the repaired, and
> it doesn't mentions 12.1(13)E rebuilds. I feel their are not
> vulnerabel, but more stable.
There are no rebuilds for 12.1(13)E because it's not affected. As you
noticed above, the bug was introduced by CSCeb22276 which went into
12.1(19.4)E - which was after 12.1(13)E
> I guess, i'm not the only one who prefers E14 over E3 (not to mention
> the E1)... be it any maintenance version.
>
> Can someone from Cisco confirm that for me, pls!
Done. (I work for Cisco)
- Martin Winter
More information about the cisco-nsp
mailing list