On Jul 9, 2010, at 8:49 AM, Dario Ciccarone (dciccaro) wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi there: > > Once again, this is Dario Ciccarone with the Cisco PSIRT. This > email's purpose is to provide our conclusions on the investigation we > performed on this issue. > > <snip> > Second, this *is* indeed a vulnerability on Cisco IOS that *can > be > triggered* by an nmap scan. But before everyone run to the nearest > Linux box to run an nmap scan against their neighbor's network and > attempts to trigger it: this is a *known* and *previously publicly > disclosed* vulnerability, for which the Cisco PSIRT published an > advisory back in 2004:
Handy flow chart for handling possible bug discoveries: http://www.smtps.net/images/i-think-i-found-a-bug.jpg (I'm sure this will come back to haunt me at some point) -- chort _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
