[c-nsp] Cisco Security Advisories

[Wendy Garvin]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Hmmm, I'll try that avenue.  (One of our IXP routers is a NPE-225 with
> 256 Mb RAM - it's chugging along happily with 18S, but 25S will kill
> it...).  *sending mail... mail sent*
> 
> Unfortunately, TAC is a bit retarded regarding these advisories.  We 
> already have one case open (605250559), and they are giving me the 
> runaround ("the bug ID CSCec71950 in bug tool does not list 12.1 as 
> vulnerable, so it is not vulnerable, please upgrade to the latest 12.1 
> release").

All of 12.1 Mainline is vulnerable, and 12.1 E is vulnerable until the
fix is integrated in 12.1(23)E and beyond.

> Is there a way to make TAC believe that the table in the advisory is to
> be used as authoritative source, and NOT the bug tool entry?

They have written instructions in multiple places, and received training
prior to the announcement. I'll be forwarding this email (with your
permission) to people in high places within the TAC organization, and
following up with the engineers as well as on your case to ensure this
is resolved.

Thanks for bringing this to our attention. Email to psirt at cisco.com
is also a good way to get this sort of problem addressed.

Thanks,

- -Wendy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)

iD8DBQFFu+aRz/q+G4BEr20RAlgwAJ9y53fxjCMVjU7hZauAia0lX6Gm7ACeKOIe
0RxCjWMKJCHev1nmZ4hx2Gk=
=fjac
-----END PGP SIGNATURE-----