[c-nsp] Fwd: Old PSIRT still around

Wendy Garvin wgarvin at cisco.com
Wed May 5 14:17:46 EDT 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This bug is fixed in both 12.2(33)SXI3 and 15.0(1)M2. Could you please
forward a copy of the retina scan directly to psirt at cisco.com (Off the
mailing list please) we can follow up with them to improve their results.

Thanks,

- -Wendy

> -------- Original Message --------
> Subject: [c-nsp] Old PSIRT still around
> Date: Wed, 5 May 2010 09:44:32 -0400
> From: Church, Charles <Charles.Church at harris.com>
> To: nsp-cisco <cisco-nsp at puck.nether.net>
> 
> Anyone,
> 
>       Our IA scanning people (using eEye's Retina) are telling me come
> recent IOSs we're running (12.2(33)SXI3 and 15.0(1)M2) are vulnerable to
> the BGP regular expression issue from almost 3 years ago.  This one:
> 
> http://www.cisco.com/en/US/products/products_security_response09186a00808bb91c.html
> 
> Looking at the bug ID CSCsk33054, it's a bit confusing what has fixes
> for it.  12.4(15)T2 is listed in the '1st found in' section, and also in
> the 'Fixed in' section.  But under 'known affected versions' link,
> 15.0(1)M1 is listed, which came out well after 12.4(15)T2.  For the
> 6500s, it does appear to be fixed in SXF13 and more recent SXH versions.
>  SXI appears to never have had it.  But the 12.4T and 15.0 thing has me
> a bit confused.  Can anyone shed some light on that for me?
> 
> Thanks,
> 
> Chuck
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

- -- 
Wendy Garvin
Incident Manager
Product Security Incident Response Team
wgarvin at cisco.com
Phone: +1 408 525 1888
Cisco Systems, Inc.
Cisco.com - http://www.cisco.com

This email may contain confidential and privileged material for the sole
use of the intended recipient. Any review, use, distribution or
disclosure by others is strictly prohibited. If you are not the intended
recipient (or authorized to receive for the recipient), please contact
the sender by reply email and delete all copies of this message.

For corporate legal information go to:
http://www.cisco.com/web/about/doing_business/legal/cri/index.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkvhtkoACgkQz/q+G4BEr20MnQCdEQtbSnGaUe65thF6gKmWPnwp
x3QAoPHrbW6f/ooeCgm0PaQRj/HsycTm
=74qZ
-----END PGP SIGNATURE-----


More information about the cisco-nsp mailing list