CBOS v2.4.3

From: terry white (twhite@aniota.com)
Date: 08/25/01 

Date: Sat, 25 Aug 2001 07:53:34 -0700 (PDT)
From: terry white <twhite@aniota.com>
To: linux-admin <linux-admin@vger.kernel.org>, bugtraq@securityfocus.com, incidents@securityfocus.com
Subject: CBOS v2.4.3
Message-ID: <Pine.LNX.4.10.10108250656220.1501-100000@yossarian.aniota.net>

... ciao:
  
    04/Aug/2001 @ 03:44:21 i saw my first "GET /default.ida?XXXXXXXX".
being a 'quest' dsl customer with a 675, i had a problem. i recall
having mentioned this, and when i came across a 'solution' made note of
that also. someone else made mention of changing the ip toward which the
web interface looked. the 675 is running CBOS v.2.2.0.
  
    yesterday, cisco's announcement of their 'fixed' 2.4.3 CBOS was
forwarded on one of the lists. following the instructions therein, i
contacted the listed email contact. i was instructed to read the
document i'd just read for instructions. this prompted my inquiry about
what i'd missed in that reading, to which i was offered the graph about
contacting the 'third' party. it was clear to me, this was circular in
nature, so i called 'quest'.
  
    the latest version CBOS 'quest' had was 2.2.0. however, on monday
quest is mounting a wholesale 'user upgrade effort' to include the latest
2.4.3 version. as i run linux, support is clearly out of the question,
but in my instance, not an issue. i do have to add, that 'quest' as been
far more responsible than cisco in dealing with the CR-II problem given
their respective posiions in the situation.
  
    this problem is CLEARLY a cisco fiasco. they designed a web
interface, that when disabled, is port sensitive. what is 'wrong' with
this picture, well, in the best of all worlds, port consideration would
be a 'moot' point for a 'disabled interface'. to my mind, this issue
transcends cisco's demand that third party vendors, where they exits,
'handle' it.
  
    bottom line: there a multitude of cisco product users, that cisco
has NO interest in helping solve a problem, 'cisco' created ...
  
   

-- 
... i'm a man , and i can change ,
    if i really have to , i guess ...

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Relevant Pages

  • Re: Code Red II - Dead Thread
    ... found to be working on those Cisco 67x units which still have problems, ... upgrade to CBOS Version 2.4.1, which does appear to work in some instances. ... Following up on a tip by a network engineer in one of the mailing lists, ... of the mailing lists and newsgroups, I set the port assignment for the Web ...
    (Incidents)
  • Re: Two birds with one worm.
    ... > Cisco DSL CPEs running any CBOS prior to 2.4.1. ... I think this is an old bug in the Cisco DSL routers, ... be todisable the web interface or upgrade the firmware. ...
    (Bugtraq)