[c-nsp] Cisco Security Advisory: Cisco IOS Software RSVP Vulnerability

b.turnbow at twt.it b.turnbow at twt.it
Thu Sep 25 03:32:50 EDT 2014


Hi Dario,

Please see inline.


> >
> > Thank you to PSIRT for generally thorough advisories. :-)
> >
> > I have a grievance though: The "Cisco IOS Software" section of
> > "Software Versions and Fixes" no longer includes a comprehensive list
> > of affected IOS releases but instead refers to the IOS Software Checker
> > tool.
> >
> > The IOS Software Checker tool is really nice in itself, but if you for
> > some reason have several different IOS releases running in your
> > network then checking each of these via lookup is a lot slower than
> > just skimming the list in the advisory.
> Actually, we think that may be because you're using option "a" - typing in an
> IOS release, or selecting from the list. You can instead use option "b" (and
> paste the output of multiple "show version" commands) or option "c" (and
> provide a list of IOS releases). Try option "c" and see if you like it.
> 
> Additionally, the "static" IOS tables on previous advisories were that - a static
> snapshot at publication time. While the IOS Software checker data comes
> from a database that is updated in real time, based on new fixes availability,
> new IOS releases, etc.
> 
> We don't expect to go back to the previous advisory format, with the static
> tables - and actually, our goal is to expand the "IOS Software checker" in the
> future to also accept IOS-XE, NX-OS and other Cisco operating systems. No
> ETA for those enhancements yet.

Why not add a note to the old format saying to check IOS checker for more updated information?

Makes things easier for your customers with a snapshot of what the actual situation is at the time of writing as well as linking to the dynamic tool.

Regards


Brian

> 
> Once again, thanks for providing us with your feedback - it is very
> appreciated.
> 
> Dario
> >
> >
> > Since the advisory contains a lot of information already, and since
> > it's beautifully organised into sections, I think a comprehensive list
> > like it has been before is a really good idea.
> >
> > An example of an advisory with the comprehensive list:
> >
> >
> > http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-rsvp
> >
> > Just my to zhents of course. :-)
> >