[Full-Disclosure] Re: Addressing Cisco Security Issues
From: Jason Dodson (mindchild_at_yahoo.com)
Date: 03/29/04
- Previous message: Void: "Re: new internet explorer exploit (was new worm)"
- In reply to: Geo.: "[Full-Disclosure] Addressing Cisco Security Issues"
- Next in thread: Clayton Kossmeyer: "[Full-Disclosure] Re: Addressing Cisco Security Issues"
To: "Geo." <geoincident1@getinfo.org>, full-disclosure@lists.netsys.com, bugtraq@securityfocus.com
Date: Mon, 29 Mar 2004 11:35:38 -0800 (PST)
I have had a similar run-around with AT&T Broadband and Sprint a while back, pertaining to a DoS
attack my organization was experiencing. Not to dive into details, to resolve the issue, I got
them both on the line in a 3-way conversation, and it was taken care of in less than 5 minutes.
They didn't seem too eager to shrug off the responsibility to someone else, when that someone else
was right there on the phone.
Jason Dodson
--- "Geo." <geoincident1@getinfo.org> wrote:
> I have to post this because I consider this to be a security issue in its
> own right.
>
> Recently there were a number of exploits released for Cisco equipment, among
> the affected equipment were the 677 and 678 consumer DSL routers of which
> there are millions in use.
>
> I have one such router; the DSL circuit is provided by Alltel and I work for
> the ISP who provides the actual internet access.
>
> So upon reading the recent warning notice sent to the security email lists about
> the exploits being publicly available I went and read
> http://www.cisco.com/warp/public/707/CBOS-DoS.shtml which pretty much says
> any router running a version of CBOS prior to 2.4.5 (actually you need 2.4.6
> because of later exploits) is vulnerable.
>
> So like a good netizen I contacted Cisco TAC via telephone, gave them my 678
> serial number and they informed me that they could not provide the security
> update because my router is registered to Alltel (Alltel did provide the
> router when I ordered the DSL circuit), please call Alltel to get it. Ok so
> then I called Alltel, who told me no problem we can email you the update and
> asked for my email address. Except since Alltel is not the ISP I don't have
> an Alltel email address so then they won't email it to me, please contact
> your ISP. I then informed Alltel that I AM MY ISP to which they replied they
> still could not provide the patch and that I would have to get it from
> Cisco.
>
> So then I call Cisco TAC again, this time I explain the full details of all
> I've just been thru and the tech decides to ask someone. Comes back and says
> if I register on the Cisco website that he can open a ticket and get someone
> to call me back on it. (I'm presently waiting for that call)
>
> In the meantime I decided to google for it and lo and behold I found 2.4.6
> on a website (url not posted to protect the life saving individuals who put
> it on the web). Now of course I've no way to know if this version I just
> found is safe or not but HELLO CISCO???
>
> If you are going to issue security alerts that require ISPs and consumers
> to patch their hardware devices then you had better damn well make sure that
> folks can actually GET THE PATCHES. It would require no effort at all to
> post a bogus version full of back doors and whatnot on the web and after
> seeing the nightmare it is to obtain the patch thru official channels it's
> clear to me that this would be a very popular download.
>
> Geo.
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html