I started collecting the new IOS files for tonight's reboot of the Internet, and I had a quick question. The datestamps on a lot of the maintainence releases are months old, and I just want to make sure I'm getting the right stuff, as they say, so we don't have to do this dance again tomorrow. For example, 12.0S users are recommended to go to 12.0(25)S, which at least for the GSR is dated April 14, 2003. Do I have the right build of 12.0(25)S or will there be one with a date closer to the revelation of the exploit showing up on the cisco FTP site? Thanks -Scott
I had the same problem, with no resolution from any of my contacts yet either (perhaps they're busy?)... In my case, 12.2(14)S is a recommended option for 7200s (but built a while back), but that leaves me wondering about 12.2(14)S2 and 12.2(14)S3 (the last of which was at least built recently). Perhaps someone on the list has already compiled a quick "here's a good set of releases for ISPs" list that covers the obvious router choices? I'm also having trouble deciphering whether or not there's an "old enough" release that isn't affected by the bug for 2511 and 2611, since the bug tool data isn't the same as the vulnerability announcement list. Matthew Kaufman matthew@eeph.com
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Scott Call Sent: Thursday, July 17, 2003 11:52 AM To: nanog@nanog.org Subject: Fixed IOS datestamps?
I started collecting the new IOS files for tonight's reboot of the Internet, and I had a quick question.
The datestamps on a lot of the maintainence releases are months old, and I just want to make sure I'm getting the right stuff, as they say, so we don't have to do this dance again tomorrow.
For example, 12.0S users are recommended to go to 12.0(25)S, which at least for the GSR is dated April 14, 2003.
Do I have the right build of 12.0(25)S or will there be one with a date closer to the revelation of the exploit showing up on the cisco FTP site?
Thanks -Scott
Scott Call wrote:
For example, 12.0S users are recommended to go to 12.0(25)S, which at least for the GSR is dated April 14, 2003.
Do I have the right build of 12.0(25)S or will there be one with a date closer to the revelation of the exploit showing up on the cisco FTP site?
I think that's a typo. 12.0(25)S gave me that it was vulnerable and I needed 12.0(25)S1. -Jack
Scott Call writes:
I started collecting the new IOS files for tonight's reboot of the Internet, and I had a quick question.
The datestamps on a lot of the maintainence releases are months old, and I just want to make sure I'm getting the right stuff, as they say, so we don't have to do this dance again tomorrow.
For example, 12.0S users are recommended to go to 12.0(25)S, which at least for the GSR is dated April 14, 2003.
Do I have the right build of 12.0(25)S or will there be one with a date closer to the revelation of the exploit showing up on the cisco FTP site?
I just checked the source code. 12.0(25)S does indeed have the fix. Jim == Jim Duncan, Critical Infrastructure Assurance Group, Cisco Systems, Inc. jnduncan@cisco.com, +1 919 392 6209, http://www.cisco.com/go/ciag/. PGP: DSS 4096/1024 E09E EA55 DA28 1399 75EB D6A2 7092 9A9C 6DC3 1821
participants (4)
-
Jack Bates -
Jim Duncan -
Matthew Kaufman -
Scott Call