[nsp-sec] ASR fragment DDoS
David Freedman
david.freedman at uk.clara.net
Fri Jul 31 03:39:34 EDT 2015
Right, but this only affects XE 2.x ("No Cisco IOS XE Software trains with a major version number starting with the number 3 (such as 3.xS, 3.xSE, and 3.xSQ) are affected by the vulnerability described in this Cisco Security Advisory.")
as far as I recall, 3.x came out around 2010/2011, I can't imagine there are people out there running 2.x still?
Dave.
On 31/07/2015 08:27, "nsp-security on behalf of JR Mayberry" <nsp-security-bounces at puck.nether.net on behalf of mayberry at jupiter.loonybin.net> wrote:
>----------- nsp-security Confidential --------
>
>
>Hi all,
>
>I see a new PSIRT (released out of cycle) for a specially crafted
>fragment that affects ASRs. I've seen exploitation in the wild.
>Anyone else seeing this or have any additional info?
>
>Here is an indicative error log
>%ATTN-3-SYNC_TIMEOUT
>
>http://tools.cisco.com/security/center/mcontent/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k
>
>Thanks
>
>
>
>_______________________________________________
>nsp-security mailing list
>nsp-security at puck.nether.net
>https://puck.nether.net/mailman/listinfo/nsp-security
>
>Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
>community. Confidentiality is essential for effective Internet security counter-measures.
>_______________________________________________
More information about the nsp-security
mailing list