Cisco has updated the advisory, to version 1.3, which includes a great deal more detail regarding the vulnerability.
Priscilla Oppenheimer wrote: >It sounds like this is a hypothetical packet and situation that Cisco >quality assurance discovered. I thought it was something already being >exploited, but it doesn't sound like it. In that case, I guess I support >Cisco not telling us more about it. > >It's sort of an age-old security question of how much info to publish. The >info would help the white hats, but also the black hats. > >Unfortunately, I can't look at bug reports (even with my guest access!?) >Maybe there's more in the bug reports. I still want to know more about these >packets. :-) But I guess I'll have to do more research.... > >Priscilla > >M.C. van den Bovenkamp wrote: > > >>Duncan Maccubbin wrote: >> >> >> >>>I was on a conference call with Cisco and the Cisco rep felt >>> >>> >>we were >> >> >>>overreacting by rushing to change our code right away, He >>> >>> >>said that the >> >> >>>packet was extremely difficult to create and the person would >>> >>> >>have to be a >> >> >>>"genius" to make it. >>> >>> >>As we don't know exactly *what* you need to do, it's difficult >>to say >>whether he's right or not. But my gut says he's wrong; as soon >>as you >>*do* know, there are 'packetfactory'-tools enough about... >> >> Regards, >> >> Marco. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72541&t=72463 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
