[c-nsp] Cisco Security Advisory: Cisco IOS Software RSVP Vulnerability

Dario Ciccarone dciccaro at cisco.com
Wed Sep 24 15:12:34 EDT 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Peter:

    Thanks for your feedback! Please see inline for some additional
comments:

On 9/24/14 2:55 PM, Peter Rathlev wrote:
> On Wed, 2014-09-24 at 12:23 -0400, Cisco Systems PSIRT wrote:
>> Cisco IOS Software RSVP Vulnerability
> ...
>
> Thank you to PSIRT for generally thorough advisories. :-)
>
> I have a grievance though: The "Cisco IOS Software" section of "Software
> Versions and Fixes" no longer includes a comprehensive list of affected
> IOS releases but instead refers to the IOS Software Checker tool.
>
> The IOS Software Checker tool is really nice in itself, but if you for
> some reason have several different IOS releases running in your network
> then checking each of these via lookup is a lot slower than just
> skimming the list in the advisory.
Actually, we think that may be because you're using option "a" - typing
in an IOS release, or selecting from the list. You can instead use
option "b" (and paste the output of multiple "show version" commands) or
option "c" (and provide a list of IOS releases). Try option "c" and see
if you like it.

Additionally, the "static" IOS tables on previous advisories were just
that - a static snapshot at publication time - while the IOS Software
Checker data comes from a database that is updated in real time, based
on the availability of new fixes, new IOS releases, etc.

We don't expect to go back to the previous advisory format, with the
static tables - and actually, our goal is to expand the "IOS Software
checker" in the future to also accept IOS-XE, NX-OS and other Cisco
operating systems. No ETA for those enhancements yet.

Once again, thanks for providing us with your feedback - it is very
appreciated.

Dario
>
>
> Since the advisory contains a lot of information already, and since it's
> beautifully organised into sections, I think a comprehensive list like
> it has been before is a really good idea.
>
> An example of an advisory with the comprehensive list:
>
> http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-rsvp
>
> Just my to zhents of course. :-)
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)
Comment: GPGTools - http://gpgtools.org

iEYEARECAAYFAlQjF6AACgkQjJUYH7oa4PDHpQCg/DGBlv+t9hGVq3y5Y9e7UYyz
lTYAoNdWfWqMDPqDc8gbrCtDv+xrnJI6
=7e4g
-----END PGP SIGNATURE-----




