[nsp] recent SNMP vulnerability vs 12.1(13)E14

lee.e.rian at census.gov lee.e.rian at census.gov
Fri Apr 23 15:19:32 EDT 2004 

I wouldn't go solely on the 'all affected versions' either.  A 'sh ip sock'
on a vulnerable router did have
 17   --listen--          10.1.3.145        162   0   0   11   0
 17   --listen--          10.1.3.145      58398   0   0   11   0
like the advisory said it would.  I didn't see anything like that on
routers running other IOS versions.

Regards,
Lee




|---------+--------------------------------->
|         |           Kinczli Zoltán        |
|         |           <Zoltan.Kinczli at Synerg|
|         |           on.hu>                |
|         |           Sent by:              |
|         |           cisco-nsp-bounces at puck|
|         |           .nether.net           |
|         |                                 |
|         |                                 |
|         |           04/23/2004 02:48 PM   |
|         |                                 |
|---------+--------------------------------->
  >---------------------------------------------------------------------------------------------------------------------------------------------|
  |                                                                                                                                             |
  |       To:       "Pete Kruckenberg" <pete at kruckenberg.com>, "Jay Young" <jay at net.ohio-state.edu>                                             |
  |       cc:       cisco-nsp at puck.nether.net                                                                                                   |
  |       Subject:  RE: [nsp] recent SNMP vulnerability  vs 12.1(13)E14                                                                         |
  >---------------------------------------------------------------------------------------------------------------------------------------------|




hello,

  I'd not trust the 'all afected version' solely.
Sometimes it contains obviously contradicting data.

  I'd not leave my border router alone out there in the dark,
just based on the 'all afffected vesrion' info...

rgds
 --zoltan

-----Original Message-----
From: Pete Kruckenberg [mailto:pete at kruckenberg.com]
Sent: Friday, April 23, 2004 8:15 PM
To: Jay Young
Cc: cisco-nsp at puck.nether.net
Subject: Re: [nsp] recent SNMP vulnerability vs 12.1(13)E14


It's well worth your while to look up Cisco Bug IDs
CSCed27956 and CSCed38527 (registered customers only). Look
at the "First Found in Version" section and click on the
"All Affected Versions".

The list is long, about 1600 versions or so, but it might
save you the trouble of upgrading if your specific IOS
version isn't vulnerable.

Pete.

On Fri, 23 Apr 2004, Jay Young wrote:

> Date: Fri, 23 Apr 2004 09:45:42 -0400
> From: Jay Young <jay at net.ohio-state.edu>
> To: cisco-nsp at puck.nether.net
> Subject: Re: [nsp] recent SNMP vulnerability  vs 12.1(13)E14
>
> Along a similar line what about 12.2.18S3 the advisory says that 12.2S
> is vulnerable and the fix is 12.2.20S2 or 12.2.22S. Neither of which is
> available for a 7200.
>
> Thanks,
> Jay
>
>
> Kinczli Zoltán wrote:
> > hello,
> >
> >   Is 12.1(13)E14 affected by the latest SNMP vulnerability?
>
>
>


_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list