[nsp] recent SNMP vulnerability vs 12.1(13)E14

lee.e.rian at census.gov lee.e.rian at census.gov
Fri Apr 23 18:37:13 EDT 2004 

At 04/23/2004 04:21 PM, Clayton Kossmeyer <ckossmey at cisco.com> wrote:
>Just because that high port is there doesn't mean the box is
>vulnerable.
>
>The high port was added to support SNMP inform capability, and is not
>present throughout all of IOS.
>
>The advisory does not state that the presence of the high port
>indicates that a release is vulnerable, only that if vulnerable you
>can see the high port with "sh ip sockets".
>
>I'll see about making that part more clear.
>
>Believe what you will, but the Affected Products section is
>correct. ;)

I wasn't trying to imply that the Affected Products section was incorrect.
I had the same problem as others - not sure if some of the software we were
running was or was not vulnerable.  That was just my method of feeling
comfortable that we had correctly classified all the different IOS versions
we're using as vulnerable or not vulnerable.

<rant>
The official Cisco tech support I've been getting lately is nowhere near
the quality tech support I used to get from Cisco.  It's unfortunate, but
it's down to the point where I feel like I get more and better technical
info by lurking on mailing lists that I do from official channels.
</rant>

As long as I'm out of lurk mode & going way off-topic, let me give a big
Thank You to all the people posting valuable info on public mailing lists.
And an especially big Thank You to all of the "@cisco.com" posters -
somehow you're able to find and publish info that the mere mortals at cisco
can't.

Regards,
Lee


>
>Regards,
>
>Clay
>
>On Fri, Apr 23, 2004 at 03:19:32PM -0400, lee.e.rian at census.gov wrote:
>>
>> I wouldn't go solely on the 'all affected versions' either.  A 'sh ip
sock'
>> on a vulnerable router did have
>>  17   --listen--          10.1.3.145        162   0   0   11   0
>>  17   --listen--          10.1.3.145      58398   0   0   11   0
>> like the advisory said it would.  I didn't see anything like that on
>> routers running other IOS versions.
>>
>> Regards,
>> Lee
      <.. snip ..>

More information about the cisco-nsp mailing list