[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Re: Cisco HTTP possible bug:
From: Jim Duncan <jnduncan () cisco ! com>
Date: 2000-04-28 21:42:34
[Download RAW message or body]
aleph1@securityfocus.com writes:
> Summary of responces in this thread:
>
> Model IOS version Confirmed
> ----- ----------- ----------
> C2924XL - No
> C2900X 11.2(8)SA1 No
> 7206 12.1(1a)T1 No
> 7206 12.0(9)S Yes
> 5300 12.1(1.3)T No
> 4000 11.0 No
> 3640 12.0(7)T Yes
> 2621 12.0(5)T1 Yes
> 2514 11.2(17) Yes
> 2501 12.0-4.T Yes
> 2501 12.0(8) Yes
Thanks. This is helpful.
If it's not too much trouble, it would be particularly useful if we knew
the image names for each test, e.g., c7200-inu-mz.111-24, since that tells
us a lot more about the content of the image and the platforms it runs on.
The image name is available in the output of a "show ver" in enable mode,
and it would mean adding an extra column to your table.
For example, I'm very curious about the 7206 running 12.0(9)S and the 5300
running 12.1(1.3)T. From inspecting the code, I believe they should be
vulnerable, *if* they're running the affected image. But I can't tell
that for certain without the image name.
Thanks again.
Jim
--
Jim Duncan, Product Security Incident Manager, Cisco Systems, Inc.
<http://www.cisco.com/warp/public/707/sec_incident_response.shtml>
E-mail: <jnduncan@cisco.com> Phone(Direct/FAX): +1 919 392 6209
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic