[apops] FYI: Major Cisco security notice (CSCdj43337) Wednesday

  • To: <bgreene at cisco dot com>
  • Subject: [apops] FYI: Major Cisco security notice (CSCdj43337) Wednesday
  • From: "Barry Raveendran Greene" <bgreene at cisco dot com>
  • Date: Sun, 16 Aug 1998 09:15:45 +0800
  • Importance: Normal
  • Reply-to: <bgreene@cisco.com>
  • Sender: owner-apops@apnic.net
      [Apologies for duplicates.]
      Hello Everyeone,
      In case you have not seen this Security notice on the CERT, FIRST, NANOG, or
      BUGTRAQ mailing list ..... I've forward this to the various ISP Operations
      in the region.
      An error in Cisco IOS software makes it possible for untrusted,
      users who can gain access to the login prompt of a router or other Cisco IOS
      device, via any means, to cause that device to crash and reload.
      This applies only to devices running classic Cisco IOS software. This
      most Cisco routers with model numbers greater than or equal to 1000, but
      not include the 7xx series, the Catalyst LAN switches, WAN switching
      in the IGX or BPX lines, the AXIS shelf, early models of the LS1010 or
      ATM switches, or any host-based software.
      Who Is Affected
      - ---------------
      All users of classic Cisco IOS software versions 9.1 and later, but earlier
      than the repaired versions listed in the "Details" section of this notice,
      whose devices can be connected to interactively by untrusted users, are
      affected by this vulnerability. It is not necessary to be able to actually
      in to exploit this vulnerability; simply establishing a terminal connection
      Note that some of the repaired software has been in the field for some time;
      you may already have installed it. Please check your software version number
      before assuming that you are affected.
      Most ISPs using the 11.1CA/11.1CC code train are not effected. This has been
      fixed for some time in those IOS code trains.
      It will be released at 08:00 US/Pacific.
      Text is at:
      or via the CERT Vendor-Initiated Bulletin VB-98.08
      ISP Whitepaper w/ Security Section
      - ----------------------------------
      A new version of the whitepaper "Essentical IOS Features Every ISP Should
      Consider" is pre-posted on my www.employees.org Web site. It has a huge
      on security for ISPs and special adendium for using ACLs to close off access
      your login in prompt.
      If you have any questions, please contact your local Cisco SE.
      Help Map the Internet - RFC 1876 - http://www.caida.org/Tools/iptll.html
      Barry Raveendran Greene                    |       ||        ||        |
      Senior Consultant                          |       ||        ||        |
      Corporate Consulting                       |      ||||      ||||       |
      Office of the CTO                          |  ..:||||||:..:||||||:..   |
      e-mail: bgreene at cisco dot com                  |  C i s c o S y s t e m s  |
      PGP Public Key is registered at http://pgp5.ai.mit.edu/
      *             APOPS: Asia Pacific Operations Forum              *
      * To unsubscribe: send "unsubscribe" to apops-request at apnic dot net *