I do not see any vulnerabilities listed there.  Only documentation of 
behavioral bugs, caveats, and restrictions.

A "vulnerability" would be something like the one Microsoft introduced into all 
versions of the Windows IP stack after Windows 2003 and Windows XP wherein "the 
Operating System will execute the payload of an IP packet with SYSTEM authority 
and SYSTEM integrity when a crafted IP packet is received in which a certain 
combination of invalid and reserved header bits are set".

>-----Original Message-----
>From: Ruairi Carroll [mailto:ruairi.carr...@gmail.com]
>Sent: Saturday, 20 September, 2014 14:57
>To: Keith Medcalf
>Cc: Daniel Sterling; Bacon Zombie; nanog@nanog.org
>Subject: Re: Saying goodnight to my GSR
>
>> And what, exactly, is it vulnerable to?
>
>Most of these, I'd imagine:
>http://www.cisco.com/c/en/us/td/docs/ios/12_0s/release/ntes/120SCAVS.html
>
>
>On 20 September 2014 14:25, Keith Medcalf <kmedc...@dessus.com> wrote:
>
>
>
>       And what, exactly, is it vulnerable to?
>
>
>       >-----Original Message-----
>       >From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Daniel
>Sterling
>       >Sent: Saturday, 20 September, 2014 12:06
>       >To: Bacon Zombie
>       >Cc: nanog@nanog.org
>       >Subject: Re: Saying goodnight to my GSR
>       >
>       >Again, you're focusing resentment towards someone who did the right
>       >thing. Negative reinforcement will discourage others from taking
>       >action and will discourage them from encouraging others to take
>       >action.
>       >
>       >Let's focus on who still has vulnerable equipment and how to help
>       >them. Let's not shame people who did the right thing
>       >
>       >Thanks,
>       >Dan
>       >
>       >
>       >On Sat, Sep 20, 2014 at 1:59 PM, Bacon Zombie
><baconzom...@gmail.com>
>       >wrote:
>       >> OK thank you for decommissioning this.*
>       >>
>       >> * Only if you either had authority to do so for max 1 year or had
>no
>       >> authority but were fighting to have it patches or replaced for
>years.
>       >> On Sep 20, 2014 7:54 PM, "Daniel Sterling"
><sterling.dan...@gmail.com>
>       >> wrote:
>       >>
>       >>> On Sat, Sep 20, 2014 at 1:37 PM, Bacon Zombie
><baconzom...@gmail.com>
>       >>> wrote:
>       >>>
>       >>> > So when was the last time you patched this internet facing
>device?
>       >>>
>       >>> Isn't the better response, thank you for decommissioning it?
>       >>>
>       >>> Can someone from cisco set up a poll or release whatever numbers
>they
>       >>> have about how many of these old devices are still in service?
>       >>>
>       >>> Thanks,
>       >>> Dan
>       >>>
>
>
>
>
>




Reply via email to