Re: Power outage in North East

2003-08-14 Thread Jim Duncan

Joel Perez writes:
> Has anyone heard of a big Power outage in the North east?
> I just got a call from one of my techs in the GBLX bldg in Newark, NJ
> at 1085 Raymond and they are telling him that they lost power! 
> But I also got a call from AT&T in NY that they also lost Power! 

CNN is reporting a sizable power outage affecting New York City, 
Boston, Cleveland, Detroit, Toronto, and Ottawa.  The subways have 
stopped in Manhattan and folks are walking in the streets.  A 
transformer is on fire on 14th street.

I just spoke on the phone with a friend in Ann Arbor, and he confirmed 
the complete power outage there.

    Jim



==
Jim Duncan, Critical Infrastructure Assurance Group, Cisco Systems, Inc.
[EMAIL PROTECTED], +1 919 392 6209, http://www.cisco.com/go/ciag/.
PGP: DSS 4096/1024 E09E EA55 DA28 1399 75EB D6A2 7092 9A9C 6DC3 1821





Re: Cisco Vulnerability Testing Results

2003-07-18 Thread Jim Duncan

Jason Frisvold writes:
> Just for fun we hit an old AGS+ router with 10.2(4) code on it.. 
> Apparently older code is vulnerable too..

You are correct.  The vulnerability was introduced back in 1994 in a
patch that was integrated into 10.0(6.1) and 10.2(1.6).  The vuln is
present in any release that follows in those same trains, such as
10.2(4) as you confirmed above, as well as in all of 10.3.

All other prior versions of IOS do not contain the software that
introduced the vulnerability and are probably not vulnerable, but I will
not be able to confirm that by testing it.

> So..  everyone running AGS+'s in the core, beware.. *grin*

The workarounds should apply, but not much else. ;-)

    Jim



==
Jim Duncan, Critical Infrastructure Assurance Group, Cisco Systems, Inc.
[EMAIL PROTECTED], +1 919 392 6209, http://www.cisco.com/go/ciag/.
PGP: DSS 4096/1024 E09E EA55 DA28 1399 75EB D6A2 7092 9A9C 6DC3 1821





Re: Fixed IOS datestamps?

2003-07-17 Thread Jim Duncan

Steve Rude writes:
> Quick question, I'm not sure if this is applicable, but I am having some
> confusion of what versions of code to upgrade to, and a call to the TAC
> didn't help. All apologies if this is off topic at all.
> 
> We are currently running 12.2(8)T5 on several of our 2600 series routers
> and according to the advisory, we should upgrade to 12.2(8)T10 to get
> the fix.  I downloaded 12.2(8)T10, and the date is June 16th.  ??  What
> gives, that seems really old for a rebuild.
> 
> The same thing with 12.2(15)T5, the date is June 25th.  Am I downloading
> the right code?  
> 
> I don't want to reboot every router on our network 2 times.

Please keep in mind that the releases shown in the software table of a 
Cisco Security Advisory are the first fixed releases for a train.

They are _NOT_ necessarily recommended releases for your situation.  To 
get a recommendation, you need to talk to the TAC or your support team.

The purpose of the first fixed release table is to help you determine if
you are running a vulnerable release.  If you happen to be running an 
old rebuild that's shown in that table, then you're not vulnerable.

If you happen to be running an old rebuild that's _newer_ than the one
in the same train shown in that table, you're still not vulnerable.

Feel free to ask the TAC for a later release than those shown in the FFR
table.  They or your support team are much better able to help you find
the best release for your situation.  The advisory can't possibly do
that; all it can tell you is if you are vulnerable or not.

Hope this helps.  I know it's a confusing issue.

Disclaimer: I'm not a member of the PSIRT team anymore, nor do I work in
the TAC.  I'm only a former PSIRT member trying to lessen the load on the
TAC and the Cisco PSIRT.

Jim



==
Jim Duncan, Critical Infrastructure Assurance Group, Cisco Systems, Inc.
[EMAIL PROTECTED], +1 919 392 6209, http://www.cisco.com/go/ciag/.
PGP: DSS 4096/1024 E09E EA55 DA28 1399 75EB D6A2 7092 9A9C 6DC3 1821
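
The first-fixed-release check described in the message above, as an added example that is not part of the original post and is not Cisco's code. The table holds only the fixed releases named in this thread, and the two comparison rules marked in the comments are assumptions of this sketch; anything they do not cover is referred to the TAC.

```python
import re
from collections import namedtuple

Release = namedtuple("Release", "train maint rebuild")

# major.minor(maintenance)[train letters][rebuild number], e.g. 12.2(8)T10
_IOS = re.compile(r"^(\d+)\.(\d+)\((\d+)\)([A-Z]*)(\d*)$")

# Constructed sample table: only the fixed releases named in this thread,
# not the advisory's full first-fixed-release table.
FIRST_FIXED = ["12.2(8)T10", "12.2(15)T5", "12.0(25)S"]


def parse_ios(version):
    """Split an IOS version string into (train, maintenance, rebuild)."""
    m = _IOS.match(version.strip())
    if not m:
        # Interim builds such as 10.2(1.6) and lettered rebuilds are not handled.
        raise ValueError(f"unsupported IOS version string: {version!r}")
    major, minor, maint, letters, rebuild = m.groups()
    return Release(f"{major}.{minor}{letters}", int(maint), int(rebuild or 0))


def check(running, first_fixed=FIRST_FIXED):
    """Return 'fixed', 'not-fixed' or 'ask-tac' for a running release."""
    r = parse_ios(running)
    same_train = [f for f in map(parse_ios, first_fixed) if f.train == r.train]
    for f in same_train:
        # Assumption: rebuild numbers are comparable only within the same
        # maintenance release, e.g. 12.2(8)T5 against 12.2(8)T10.
        if f.maint == r.maint:
            return "fixed" if r.rebuild >= f.rebuild else "not-fixed"
    # Assumption: when the table lists a maintenance release itself (no
    # rebuild number), later maintenance releases in that train carry the fix.
    if any(f.rebuild == 0 and f.maint < r.maint for f in same_train):
        return "fixed"
    # Train or maintenance release not covered by the table: do not guess.
    return "ask-tac"


if __name__ == "__main__":
    for v in ["12.2(8)T5", "12.2(8)T10", "12.2(11)T3", "12.0(26)S1", "12.1(20)E"]:
        print(f"{v:12} {check(v)}")
```
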





Re: Fixed IOS datestamps?

2003-07-17 Thread Jim Duncan

Scott Call writes:
> I started collecting the new IOS files for tonight's reboot of the 
> Internet, and I had a quick question.
> 
> The datestamps on a lot of the maintenance releases are months old, and 
> I just want to make sure I'm getting the right stuff, as they say, so we 
> don't have to do this dance again tomorrow.
> 
> For example, 12.0S users are recommended to go to 12.0(25)S, which at 
> least for the GSR is dated April 14, 2003.
> 
> Do I have the right build of 12.0(25)S or will there be one with a date 
> closer to the revelation of the exploit showing up on the Cisco FTP site?

I just checked the source code.  12.0(25)S does indeed have the fix.

Jim



==
Jim Duncan, Critical Infrastructure Assurance Group, Cisco Systems, Inc.
[EMAIL PROTECTED], +1 919 392 6209, http://www.cisco.com/go/ciag/.
PGP: DSS 4096/1024 E09E EA55 DA28 1399 75EB D6A2 7092 9A9C 6DC3 1821





Re: New information on cisco exploit

2003-07-17 Thread Jim Duncan

Alex Rubenstein writes:
> http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml

FYI, be sure to hit shift-reload in your browser so you're not
accidentally reading a cached local copy of the older version.

You should see version 1.3 as of a few minutes ago.

Jim



==
Jim Duncan, Critical Infrastructure Assurance Group, Cisco Systems, Inc.
[EMAIL PROTECTED], +1 919 392 6209, http://www.cisco.com/go/ciag/.
PGP: DSS 4096/1024 E09E EA55 DA28 1399 75EB D6A2 7092 9A9C 6DC3 1821