RE: Cisco Vulnerability

From: Charles Church (cchurch@wamnet.com)
Date: Wed Jul 16 2003 - 21:34:53 GMT-3

• Next message: Jay Hennigan: "RE: Cisco Vulnerability"
• Previous message: asadovnikov: "RE: Cisco Vulnerability"
• Maybe in reply to: Kim Ed: "Cisco Vulnerability"
• Next in thread: Jay Hennigan: "RE: Cisco Vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

It seems like the router would need to process a malformed packet for it to
affect it, as in the router itself is the IP destination. Is this true? If
so, it seems an ACL could protect it. Any additional info on it, Jay?

Chuck Church
CCIE #8776, MCNE, MCSE
Wam!Net Government Services
13665 Dulles Technology Dr. Ste 250
Herndon, VA 20171
Office: 703-480-2569
Cell: 703-819-3495
cchurch@wamnet.com
PGP key: http://pgp.mit.edu:11371/pks/lookup?search=chuck+church&op=index

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Jay Hennigan
Sent: Wednesday, July 16, 2003 6:36 PM
To: Kim Ed
Cc: ccielab@groupstudy.com
Subject: Re: Cisco Vulnerability

On Wed, 16 Jul 2003, Kim Ed wrote:

> I heard many major ISPs are having emergency maintenances (code
> upgrade?).

Must have been my post to NANOG.

> I also hear that it is not realted to this bug below but can't be sure.
>
> http://www.cisco.com/warp/public/707/cisco-sa-20030709-swtcp.shtml
>
> The rumored vulnerability is IOS, not CatOS and supposedly causes a
> reload, not a telnet DoS.

Yep, sure was.

> Anyone knows about this?

Supposedly it has to do with wedging the input buffer. 75 malformed
packets lock it up. It may not in itself cause a reload but one may
be needed to recover.

It's all over IRC, not a peep yet from Cisco. Rumor is that they've
given advance notice to the major backbones and the rest of the world
won't become enclued until late tomorrow afternoon.

In other news, AT&T experienced some major flakiness a couple of hours
ago, and released a very vague statement about "some customers may have
experienced an impairment..." Their woes were rumored to be a fiber cut
but I haven't heard of any voice or non-IP AT&T problems.

--
Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net
WestNet:  Connecting you to the planet.  805 884-6323      WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/

• Next message: Jay Hennigan: "RE: Cisco Vulnerability"
• Previous message: asadovnikov: "RE: Cisco Vulnerability"
• Maybe in reply to: Kim Ed: "Cisco Vulnerability"
• Next in thread: Jay Hennigan: "RE: Cisco Vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:42 GMT-3