Quick question, I'm not sure if this is applicable, but I am having some confusion of what versions of code to upgrade to, and a call to the TAC didn't help. All apologies if this is off topic at all.

We are currently running 12.2(8)T5 on several of our 2600 series routers and according to the advisory, we should upgrade to 12.2(8)T10 to get the fix. I downloaded 12.2(8)T10, and the date is June 16th. ?? What gives, that seems really old for a rebuild.

The same thing with 12.2(15)T5, the date is June 25th. Am I downloading the right code?

I don't want to reboot every router on our network 2 times.

TIA.

Steve Rude

-----Original Message-----
From: Matthew Kaufman [mailto:matthew@eeph.com]
Sent: Thursday, July 17, 2003 12:00 PM
To: 'Scott Call'; nanog@nanog.org
Subject: RE: Fixed IOS datestamps?

I had the same problem, with no resolution from any of my contacts yet either (perhaps they're busy?)... In my case, 12.2(14)S is a recommended option for 7200s (but built a while back), but that leaves me wondering about 12.2(14)S2 and 12.2(14)S3 (the last of which was at least built recently).

Perhaps someone on the list has already compiled a quick "here's a good set of releases for ISPs" list that covers the obvious router choices?

I'm also having trouble deciphering whether or not there's an "old enough" release that isn't affected by the bug for 2511 and 2611, since the bug tool data isn't the same as the vulnerability announcement list.

Matthew Kaufman
matthew@eeph.com

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Scott Call
Sent: Thursday, July 17, 2003 11:52 AM
To: nanog@nanog.org
Subject: Fixed IOS datestamps?
I started collecting the new IOS files for tonight's reboot of the Internet, and I had a quick question.
The datestamps on a lot of the maintenance releases are months old, and I just want to make sure I'm getting the right stuff, as they say, so we don't have to do this dance again tomorrow.
For example, 12.0S users are recommended to go to 12.0(25)S, which at least for the GSR is dated April 14, 2003.
Do I have the right build of 12.0(25)S or will there be one with a date closer to the revelation of the exploit showing up on the cisco FTP site?
Thanks -Scott
* steve@skyriver.net (Steve Rude) [Fri 18 Jul 2003, 01:08 CEST]:
> Quick question, I'm not sure if this is applicable, but I am having some confusion of what versions of code to upgrade to, and a call to the TAC didn't help. All apologies if this is off topic at all.
>
> We are currently running 12.2(8)T5 on several of our 2600 series routers and according to the advisory, we should upgrade to 12.2(8)T10 to get the fix. I downloaded 12.2(8)T10, and the date is June 16th. ?? What gives, that seems really old for a rebuild.

Discussion on cisco-nsp (where your question is much more applicable) is that Cisco has known about this bug for a while and has been building images before going public, so yeah, that could work.

> The same thing with 12.2(15)T5, the date is June 25th. Am I downloading the right code?

According to the advisory you are. You write that calling the TAC didn't help. Did you ask them "Does 12.2(15)T5 contain the fix for this bug?" and were they unable to answer that? That sounds... improbable.

-- Niels.

--
<anselm> rather than calling it bluetooth the protocol should be called 'erikson wireless cellphone earpiece protocol' since that seems to be its only real use.
On Thu, Jul 17, 2003 at 03:20:18PM -0700, Steve Rude wrote:
> Quick question, I'm not sure if this is applicable, but I am having some confusion of what versions of code to upgrade to, and a call to the TAC didn't help. All apologies if this is off topic at all.
>
> We are currently running 12.2(8)T5 on several of our 2600 series routers and according to the advisory, we should upgrade to 12.2(8)T10 to get the fix. I downloaded 12.2(8)T10, and the date is June 16th. ?? What gives, that seems really old for a rebuild.

For those of you that haven't figured it out yet, this bug has been around for a long time. They probably found it and then said "since nothing is going on, we found this ourselves, we'll code the fix, test it, and then tell everyone about it." This means that some of the "CCO Stalkers" that watch for new software and test/play with it will not have a problem. Their devices will be in good shape.

> The same thing with 12.2(15)T5, the date is June 25th. Am I downloading the right code?

I'd go off what they say is fixed. It was probably someone's more than full time job to go around to each group of people that ever built some weird software train at one time and say "here's the bugid, you need to provide customers a fix".

> I don't want to reboot every router on our network 2 times.

I would contact the TAC to ask any questions you have. Cisco has been historically kind when this type of thing comes out and gives software updates out to people that do not have contracts to insure that they don't have a bad customer experience. I know the chart is hard to read because the product people need hardware support for their new thing they're shipping and are so impatient to ship it that they create these shortlived software trains that get the new hardware support they need.

- Jared
> TIA.
>
> Steve Rude
>
> -----Original Message-----
> From: Matthew Kaufman [mailto:matthew@eeph.com]
> Sent: Thursday, July 17, 2003 12:00 PM
> To: 'Scott Call'; nanog@nanog.org
> Subject: RE: Fixed IOS datestamps?
>
> I had the same problem, with no resolution from any of my contacts yet either (perhaps they're busy?)... In my case, 12.2(14)S is a recommended option for 7200s (but built a while back), but that leaves me wondering about 12.2(14)S2 and 12.2(14)S3 (the last of which was at least built recently).
>
> Perhaps someone on the list has already compiled a quick "here's a good set of releases for ISPs" list that covers the obvious router choices?
>
> I'm also having trouble deciphering whether or not there's an "old enough" release that isn't affected by the bug for 2511 and 2611, since the bug tool data isn't the same as the vulnerability announcement list.
>
> Matthew Kaufman
> matthew@eeph.com
>
> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Scott Call
> Sent: Thursday, July 17, 2003 11:52 AM
> To: nanog@nanog.org
> Subject: Fixed IOS datestamps?
>
> I started collecting the new IOS files for tonight's reboot of the Internet, and I had a quick question.
>
> The datestamps on a lot of the maintenance releases are months old, and I just want to make sure I'm getting the right stuff, as they say, so we don't have to do this dance again tomorrow.
>
> For example, 12.0S users are recommended to go to 12.0(25)S, which at least for the GSR is dated April 14, 2003.
>
> Do I have the right build of 12.0(25)S or will there be one with a date closer to the revelation of the exploit showing up on the cisco FTP site?
>
> Thanks -Scott
--
Jared Mauch | pgp key available via finger from jared@puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
Steve Rude writes:
> Quick question, I'm not sure if this is applicable, but I am having some confusion of what versions of code to upgrade to, and a call to the TAC didn't help. All apologies if this is off topic at all.
>
> We are currently running 12.2(8)T5 on several of our 2600 series routers and according to the advisory, we should upgrade to 12.2(8)T10 to get the fix. I downloaded 12.2(8)T10, and the date is June 16th. ?? What gives, that seems really old for a rebuild.
>
> The same thing with 12.2(15)T5, the date is June 25th. Am I downloading the right code?
>
> I don't want to reboot every router on our network 2 times.
Please keep in mind that the releases shown in the software table of a Cisco Security Advisory are the first fixed releases for a train. They are _NOT_ necessarily recommended releases for your situation. To get a recommendation, you need to talk to the TAC or your support team.

The purpose of the first fixed release table is to help you determine if you are running a vulnerable release. If you happen to be running an old rebuild that's shown in that table, then you're not vulnerable. If you happen to be running an old rebuild that's _newer_ than the one in the same train shown in that table, you're still not vulnerable.

Feel free to ask the TAC for a later release than those shown in the FFR table. They or your support team are much better able to help you find the best release for your situation. The advisory can't possibly do that; all it can tell you is if you are vulnerable or not.

Hope this helps. I know it's a confusing issue.

Disclaimer: I'm not a member of the PSIRT team anymore, nor do I work in the TAC. I'm only a former PSIRT member trying to lessen the load on the TAC and the Cisco PSIRT.

Jim

==
Jim Duncan, Critical Infrastructure Assurance Group, Cisco Systems, Inc.
jnduncan@cisco.com, +1 919 392 6209, http://www.cisco.com/go/ciag/.
PGP: DSS 4096/1024 E09E EA55 DA28 1399 75EB D6A2 7092 9A9C 6DC3 1821
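The first-fixed-release comparison described in the message above, as an added example that is not part of the thread and not a Cisco tool. The table is constructed from release names quoted in the thread (it is not the advisory's actual table), `12.2(15)T7` and `12.2(11)T3` are constructed inputs, and returning "unknown" when the table has no entry for the same base release is a conservative assumption of this sketch.

```python
import re
from typing import NamedTuple, Sequence


class IosVersion(NamedTuple):
    major: int
    minor: int
    maint: int    # maintenance number in parentheses, e.g. 8 in 12.2(8)T5
    train: str    # train letters, e.g. "T" or "S"; "" when absent
    rebuild: int  # rebuild number after the train letters; 0 when absent


# Handles strings shaped like 12.2(8)T10 or 12.0(25)S; anything else is rejected.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)\)([A-Z]*)(\d*)$")


def parse_ios_version(text: str) -> IosVersion:
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported IOS version string: {text!r}")
    major, minor, maint, train, rebuild = m.groups()
    return IosVersion(int(major), int(minor), int(maint), train, int(rebuild or 0))


def check_against_first_fixed(running: str, first_fixed: Sequence[str]) -> str:
    """Return 'fixed', 'older-than-fix' or 'unknown' for a running image."""
    run = parse_ios_version(running)
    for entry in map(parse_ios_version, first_fixed):
        # Compare only rebuilds of the same base release in the same train.
        if run[:4] == entry[:4]:
            # The image build date plays no part; only the rebuild number does.
            return "fixed" if run.rebuild >= entry.rebuild else "older-than-fix"
    # No table entry for this base release: the sketch does not guess
    # (assumption of this example); check the advisory or ask the TAC.
    return "unknown"


# Constructed sample table, using release names quoted in the thread.
SAMPLE_FIRST_FIXED = ["12.2(8)T10", "12.2(15)T5", "12.0(25)S"]

if __name__ == "__main__":
    for image in ["12.2(8)T5", "12.2(8)T10", "12.2(15)T7", "12.0(25)S", "12.2(11)T3"]:
        print(image, "->", check_against_first_fixed(image, SAMPLE_FIRST_FIXED))
```
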
participants (4)
- Jared Mauch
- Jim Duncan
- Niels Bakker
- Steve Rude