Mikael Olsson writes:

> apparently also penetrates Cisco PIX (version unknown):
> http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-29&ms
> [EMAIL PROTECTED]
>
> And let me reiterate: This vulnerability is likely to affect all
> stateful inspection firewalls with FTP "ALG"s that do not completely
> reassemble the TCP stream.
>
> Start putting some pressure on your firewall vendors to get good
> fixes out, people.

And the correct way to notify Cisco is [Ta-DAH!] contact the Cisco Systems Product Security Incident Response Team. The URL is in my .sig, below.

We know about it, been working on it, and will publish soon. Hammering us will result in an even worse distributed denial of service attack than the workload we are suffering right now. And suggesting to the public that they hammer us is impolite without checking with us first, especially if our track record suggests otherwise.

Public attention to this is great -- it helps us get stuff fixed. But please remember that we're on _your_ side in this. We're trying to get stuff fixed as fast as we can.

Every time folks start yammering about a Cisco vulnerability without contacting us first and giving us a chance to fix it my skin starts to crawl because it immediately drags us away from proactive efforts so we can compose e-mail like this message. I can understand -- in fact, I _advocate_ doing that on products from vendors that never respond (or can't respond due to whatever reason). But we _do_ respond, although it's not as quick as I'd like, and we're getting stuff fixed.

The problem's already fixed on the PIX, but we were investigating a deeper problem related to the same vulnerability (which is the main reason we hadn't published yet).

Please bear with us, and please help us out by asking us about it first before going public. At least give us a chance to address the problem.

Thanks!

Jim

--
Jim Duncan, Product Security Incident Manager, Cisco Systems, Inc.
<http://www.cisco.com/warp/public/707/sec_incident_response.shtml>
E-mail: <[EMAIL PROTECTED]>
Phone(Direct/FAX): +1 919 392 6209
