From rmilner at aoc.nrao.edu Tue Jan 7 11:28:32 2003 From: rmilner at aoc.nrao.edu (Ruth Milner) Date: Tue, 07 Jan 2003 09:28:32 -0700 Subject: [comm] chaos with carriers Message-ID: <3E1B0030.8030109@aoc.nrao.edu> Interesting InformationWeek article. Ruth. --------------- Will You Still Be Here Tomorrow? More than $10 billion in business telecom contracts are up for renewal this year, and buyers are prepared to rake telcos over the coals for clues indicating whether the vendors will survive 2003. informationweek.com/921/telecom.htm From rmilner at aoc.nrao.edu Mon Jan 13 13:09:47 2003 From: rmilner at aoc.nrao.edu (Ruth Milner) Date: Mon, 13 Jan 2003 11:09:47 -0700 Subject: [comm] Cisco SSH holes Message-ID: <3E2300EB.1000006@aoc.nrao.edu> Is SSH enabled on our Cisco equipment that supports it? This hole was found by testing with the same suite (SSHredder) that found holes in putty. Ruth. --------------- *** {03.01.012} NetDev - Cisco products SSH reload DoS Cisco has released an advisory indicating various Cisco devices running IOS versions 12.0S, 12.0ST, 12.1T, 12.1E, 12.2, 12.2T, and 12.2S, can be caused remotely to reboot by sending a malformed SSH packet to the device, if the SSH service is running. All products running the above versions of IOS and using SSH are affected. NOT affected are the Cisco Catalyst series running CatOS, VPN3000, PIX firewalls, SN5400 series, and NetRanger products. Cisco confirmed this vulnerability. Patches are currently in production and available from Cisco. Source: Cisco http://archives.neohapsis.com/archives/cisco/2002-q4/0005.html From grunion at cv3.cv.nrao.edu Mon Jan 13 16:19:25 2003 From: grunion at cv3.cv.nrao.edu (Gene Runion) Date: Mon, 13 Jan 2003 16:19:25 -0500 (EST) Subject: [comm] Cisco SSH holes In-Reply-To: <3E2300EB.1000006@aoc.nrao.edu> Message-ID: I have never enabled ssh, main reason is the older equipment doesn't support it and you cann't get to the devices from the internet. On Mon, 13 Jan 2003, Ruth Milner wrote: > Is SSH enabled on our Cisco equipment that supports it? > > This hole was found by testing with the same suite (SSHredder) that > found holes in putty. > > Ruth. > --------------- > > *** {03.01.012} NetDev - Cisco products SSH reload DoS > > Cisco has released an advisory indicating various Cisco devices running > IOS versions 12.0S, 12.0ST, 12.1T, 12.1E, 12.2, 12.2T, and 12.2S, > can be caused remotely to reboot by sending a malformed SSH packet > to the device, if the SSH service is running. All products running > the above versions of IOS and using SSH are affected. NOT affected > are the Cisco Catalyst series running CatOS, VPN3000, PIX firewalls, > SN5400 series, and NetRanger products. > > Cisco confirmed this vulnerability. Patches are currently in production > and available from Cisco. > > Source: Cisco > http://archives.neohapsis.com/archives/cisco/2002-q4/0005.html > > _______________________________________________ > Comm mailing list > Comm at listmgr.cv.nrao.edu > http://listmgr.cv.nrao.edu/mailman/listinfo/comm >