From bellagamba at isoc.org Wed Jul 1 16:29:06 2009 From: bellagamba at isoc.org (Sebastian Bellagamba) Date: Wed, 1 Jul 2009 16:29:06 -0300 Subject: [lacnog] Programa de becas al IETF de ISOC Message-ID: (English below) Estimado colegas, La Internet Society anuncia que est?n abiertas la aplicaciones para la pr?xima ronda del programa ISOC Fellowship to the IETF, parte del programa Future Internet Leaders (www.isoc.org/leaders). El programa ofrece a ingenieros de pa?ses en desarrollo becas para cubrir el costo de asistir a un evento del Internet Engineering Task Force (IETF). Como saben, el IETF es el principal ?rgano de generaci?n de estand?res de Internet, responsable del desarrollo de protocolos utilizados en redes basadas en IP. Los participantes del IETF representan una comunidad internacional de dise?adores de redes, operadores, vendedores e investigadores envueltos en la operaci?n t?cnica de Internet y la continua evoluci?n de la arquitectura de Internet. Las becas ser?n asignadas a trav?s de un proceso de aplicaciones competitivo. La Internet Society est? actualmente aceptando aplicaciones de becas para los pr?ximos dos eventos del IETF: * IETF 76 en Hiroshima, Jap?n, 8-13 noviembre 2009 * IETF 77 en Anaheim, USA, 21-26 marzo 2010 Hasta un m?ximo de seis becas ser?n asignadas para cada evento del IETF. Los detalles completos del programa ISOC Fellowship to the IETF (en ingl?s), incluyendo c?mo aplicar, est?n disponibles en el sitio web de ISOC: http://www.isoc.org/educpillar/fellowship La fecha l?mite para aplicar a las becas para ambos eventos es el 31 de julio del 2009. La Internet Society formalmente lanz? el programa ISOC Fellowship to the IETF en enero del 2007, despu?s de un exitoso piloto durante 2006 en el IETF 66 de Montreal y el IETF 67 en San Diego. Cuarenta y siete individuos de 29 diferentes pa?ses participaron del programa desde su comienzo. Si tienes preguntas, por favor no dudes en contactar (en ingl?s) a Connie Kendig (kendig at isoc.org) o Mirjam Kuehne (mir at isoc.org) ------------- Dear Colleagues, The Internet Society has announced that it is seeking applications for the next round of the ISOC Fellowship to the IETF program, part of its Future Internet Leaders program (www.isoc.org/leaders). The program offers engineers from developing countries fellowships that fund the cost of attending an Internet Engineering Task Force (IETF) meeting. As you know, the IETF is the Internet's premier standards-making body, responsible for the development of protocols used in IP-based networks. IETF participants represent an international community of network designers, operators, vendors, and researchers involved in the technical operation of the Internet and the continuing evolution of Internet architecture. Fellowships will be awarded through a competitive application process. The Internet Society is currently accepting fellowship applications for the next two IETF meetings: * IETF 76 being held in Hiroshima, Japan, 8-13 November 2009 * IETF 77 being held in Anaheim, USA, 21-26 March 2010 Up to six fellowships will be awarded for each IETF meeting. Full details on the ISOC Fellowship to the IETF, including how to apply, are located on the ISOC website at : http://www.isoc.org/educpillar/fellowship Fellowship applications for both IETF meetings are due by 31 July 2009. The Internet Society formally launched the ISOC Fellowship to the IETF program in January 2007 after successfully piloting the program during 2006 at IETF 66 in Montreal and IETF 67 in San Diego. Forty seven individuals from 29 countries have participated in the program since its inception. I encourage you to pass information about this program to individuals involved in your regional operators' groups that have a keen interest in the Internet standardisation activities of the IETF. You also may consider being a reference for the applicant. If you have questions, please do not hesiate to contact Connie Kendig or Mirjam Kuehne . Sebastian Bellagamba bellagamba at isoc.org ------------------------------- Manager - Oficina Regional para America Latina y el Caribe Regional Bureau Manager for Latin America and the Caribbean ================== Internet Society www.isoc.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From roque at lacnic.net Tue Jul 28 21:25:31 2009 From: roque at lacnic.net (Roque Gagliano) Date: Tue, 28 Jul 2009 21:25:31 -0300 Subject: [lacnog] Vulnerabilidad de BIND / BIND vulnerability Message-ID: Amigos, Hoy se descubri? una vulnerabilidad del bind que ocasiona que los servidores sufran un crash con un ?nico paquete. El c?digo para lanzar el ataque est? disponible en la web por lo que el riesgo es grande. Abarca a BIND v. 9.4, 9.5 y 9.6 El anuncio de ISC se encuentra en: >> https://www.isc.org/node/474 el primer anuncio del bug en: >> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975 Roque ----------- Dear friends, Today a new vulnerability in BIND was announced and the code to explode it is available online. The ISC announcement can be found here: >> https://www.isc.org/node/474 The bug announcement here: >> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975 Roque ------------------------------------------------------------- Roque Gagliano LACNIC roque at lacnic.net GPG Fingerprint: E929 06F4 D8CD 2AD8 9365 DB72 9E4F 964A 01E9 6CEE -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 194 bytes Desc: This is a digitally signed message part URL: From roque at lacnic.net Tue Jul 28 21:56:30 2009 From: roque at lacnic.net (Roque Gagliano) Date: Tue, 28 Jul 2009 21:56:30 -0300 Subject: [lacnog] [LACNIC/Seguridad] Vulnerabilidad de BIND / BIND vulnerability In-Reply-To: <13AAAC93-FC46-47CF-B9F9-01EC1BDF3A76@utp.ac.pa> References: <13AAAC93-FC46-47CF-B9F9-01EC1BDF3A76@utp.ac.pa> Message-ID: oscar, toda versi?n anterior est? EOL, as? que mejor actualizar por las dudas. fuente: https://www.isc.org/software/bind/versions slds r. On Jul 28, 2009, at 9:48 PM, Oscar Torres wrote: > Buenas Noches a Todos, estas versiones solo afectan las versiones > comentadas por Roque o todas las versiones 9 de Bind ??? > > Slds. > > > -- > Ing. Oscar Torres > Tel. (507) 560-3230 > Fax. (507) 560-3148 > Cel. (507) 6586-0370 > Jefe de Redes y Comunicaciones > Lead Team Network and Telecommunications Department > Departamento de Redes y Comunicaciones > Universidad Tecnol?gica de Panam? > Direcci?n de Tecnologia de Informaci?n y Comunicaciones > NIC-PANAMA - UTP (Network Information Center - Panam?) > ccTLD.pa > > > > ------------------------------------------------------------------------------------------------------------------------------------ > Este mensaje (y sus adjuntos), en adelante "mensaje", ha sido > enviado exclusivamente a su(s) destinatario(s) y es confidencial. > Si usted recibe este mensaje por error, por favor borrelo y > comunique inmediatamente al remitente. > Toda utilizacion o publicacion, total o parcial, queda prohibida > salvo autorizacion expresa. La UTP no podra ser considerada > responsable si el mensaje ha sido modificado y/o utilizado sin > autorizacion. > > ------------------------------------------------------------------------------------------------------------------------------------- > This message (and any attachments), are confidential intended solely > for the people whose addresses appear. If you have received this > message by error, please delete it and immediately notify the > sender. Any use, dissemination or disclosure, either whole or > partial, without formal approval is prohibited. The UTP will not > therefore be liable for the message if modified and/or used without > approval. > -------------------------------------------------------------------------------------------------------------------------------------- > > On Jul 28, 2009, at 7:25 PM, Roque Gagliano wrote: > >> Amigos, >> >> Hoy se descubri? una vulnerabilidad del bind que ocasiona que los >> servidores sufran un crash con un ?nico paquete. El c?digo para >> lanzar el ataque est? disponible en la web por lo que el riesgo es >> grande. Abarca a BIND v. 9.4, 9.5 y 9.6 >> >> El anuncio de ISC se encuentra en: >>>> https://www.isc.org/node/474 >> >> el primer anuncio del bug en: >>>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975 >> >> >> >> Roque >> >> ----------- >> >> Dear friends, >> >> Today a new vulnerability in BIND was announced and the code to >> explode it is available online. >> >> The ISC announcement can be found here: >>>> https://www.isc.org/node/474 >> >> >> The bug announcement here: >>>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975 >> >> Roque >> >> ------------------------------------------------------------- >> Roque Gagliano >> LACNIC >> roque at lacnic.net >> GPG Fingerprint: E929 06F4 D8CD 2AD8 9365 DB72 9E4F 964A 01E9 6CEE >> >> _______________________________________________ >> Seguridad mailing list >> Seguridad at lacnic.net >> https://mail.lacnic.net/mailman/listinfo/seguridad > > _______________________________________________ > Seguridad mailing list > Seguridad at lacnic.net > https://mail.lacnic.net/mailman/listinfo/seguridad ------------------------------------------------------------- Roque Gagliano LACNIC roque at lacnic.net GPG Fingerprint: E929 06F4 D8CD 2AD8 9365 DB72 9E4F 964A 01E9 6CEE -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 194 bytes Desc: This is a digitally signed message part URL: From roque at lacnic.net Wed Jul 29 11:27:09 2009 From: roque at lacnic.net (Roque Gagliano) Date: Wed, 29 Jul 2009 11:27:09 -0300 Subject: [lacnog] [LACNIC/Seguridad] Vulnerabilidad de BIND / BIND vulnerability In-Reply-To: References: <13AAAC93-FC46-47CF-B9F9-01EC1BDF3A76@utp.ac.pa> Message-ID: hola, Hubo una actulizaci?n del bug. el bug s?lo afecta a servidores autoritativos que son master para alguna zona. Si un servidor es s?lo secundario, no est? afectado. Ahora, BIND por defecto trae zonas como 127.in-addr.arpa configuradas, si es as?, el servidor es a?n vulnerable. roque fuente: https://www.isc.org/node/474 On Jul 28, 2009, at 9:56 PM, Roque Gagliano wrote: > oscar, > > toda versi?n anterior est? EOL, as? que mejor actualizar por las > dudas. > > fuente: https://www.isc.org/software/bind/versions > > slds > r. > > > On Jul 28, 2009, at 9:48 PM, Oscar Torres wrote: > >> Buenas Noches a Todos, estas versiones solo afectan las versiones >> comentadas por Roque o todas las versiones 9 de Bind ??? >> >> Slds. >> >> >> -- >> Ing. Oscar Torres >> Tel. (507) 560-3230 >> Fax. (507) 560-3148 >> Cel. (507) 6586-0370 >> Jefe de Redes y Comunicaciones >> Lead Team Network and Telecommunications Department >> Departamento de Redes y Comunicaciones >> Universidad Tecnol?gica de Panam? >> Direcci?n de Tecnologia de Informaci?n y Comunicaciones >> NIC-PANAMA - UTP (Network Information Center - Panam?) >> ccTLD.pa >> >> >> >> ------------------------------------------------------------------------------------------------------------------------------------ >> Este mensaje (y sus adjuntos), en adelante "mensaje", ha sido >> enviado exclusivamente a su(s) destinatario(s) y es confidencial. >> Si usted recibe este mensaje por error, por favor borrelo y >> comunique inmediatamente al remitente. >> Toda utilizacion o publicacion, total o parcial, queda prohibida >> salvo autorizacion expresa. La UTP no podra ser considerada >> responsable si el mensaje ha sido modificado y/o utilizado sin >> autorizacion. >> >> ------------------------------------------------------------------------------------------------------------------------------------- >> This message (and any attachments), are confidential intended >> solely for the people whose addresses appear. If you have received >> this >> message by error, please delete it and immediately notify the >> sender. Any use, dissemination or disclosure, either whole or >> partial, without formal approval is prohibited. The UTP will not >> therefore be liable for the message if modified and/or used without >> approval. >> -------------------------------------------------------------------------------------------------------------------------------------- >> >> On Jul 28, 2009, at 7:25 PM, Roque Gagliano wrote: >> >>> Amigos, >>> >>> Hoy se descubri? una vulnerabilidad del bind que ocasiona que los >>> servidores sufran un crash con un ?nico paquete. El c?digo para >>> lanzar el ataque est? disponible en la web por lo que el riesgo es >>> grande. Abarca a BIND v. 9.4, 9.5 y 9.6 >>> >>> El anuncio de ISC se encuentra en: >>>>> https://www.isc.org/node/474 >>> >>> el primer anuncio del bug en: >>>>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975 >>> >>> >>> >>> Roque >>> >>> ----------- >>> >>> Dear friends, >>> >>> Today a new vulnerability in BIND was announced and the code to >>> explode it is available online. >>> >>> The ISC announcement can be found here: >>>>> https://www.isc.org/node/474 >>> >>> >>> The bug announcement here: >>>>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975 >>> >>> Roque >>> >>> ------------------------------------------------------------- >>> Roque Gagliano >>> LACNIC >>> roque at lacnic.net >>> GPG Fingerprint: E929 06F4 D8CD 2AD8 9365 DB72 9E4F 964A 01E9 6CEE >>> >>> _______________________________________________ >>> Seguridad mailing list >>> Seguridad at lacnic.net >>> https://mail.lacnic.net/mailman/listinfo/seguridad >> >> _______________________________________________ >> Seguridad mailing list >> Seguridad at lacnic.net >> https://mail.lacnic.net/mailman/listinfo/seguridad > > ------------------------------------------------------------- > Roque Gagliano > LACNIC > roque at lacnic.net > GPG Fingerprint: E929 06F4 D8CD 2AD8 9365 DB72 9E4F 964A 01E9 6CEE > > _______________________________________________ > LACNOG mailing list > LACNOG at lacnic.net > https://mail.lacnic.net/mailman/listinfo/lacnog ------------------------------------------------------------- Roque Gagliano LACNIC roque at lacnic.net GPG Fingerprint: E929 06F4 D8CD 2AD8 9365 DB72 9E4F 964A 01E9 6CEE -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 194 bytes Desc: This is a digitally signed message part URL: From nantoniello at gmail.com Wed Jul 29 13:08:24 2009 From: nantoniello at gmail.com (Nicolas Antoniello) Date: Wed, 29 Jul 2009 13:08:24 -0300 Subject: [lacnog] [LACNIC/Seguridad] Vulnerabilidad de BIND / BIND vulnerability In-Reply-To: References: <13AAAC93-FC46-47CF-B9F9-01EC1BDF3A76@utp.ac.pa> Message-ID: Ya que estamos... les adjunto una vulnerabilidad que surgi? para IOS Cisco que soporten ASNs de 32 bits. Esta vulnerabilidad ya la ten?an algunos IOS para sistemas aut?nomos de 16 bits... se ve que no aprendieron la leccion... :) -------- Original Message -------- Subject: Cisco Security Advisory: Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities Date: Wed, 29 Jul 2009 15:00:00 -0000 From: Cisco Systems Product Security Incident Response Team Reply-To: psirt at cisco.com To: nanog at merit.edu CC: psirt at cisco.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities Advisory ID: cisco-sa-20090729-bgp http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml Revision: 1.0 ========= For Public Release 2009 July 29 1600 UTC (GMT) Summary ======= Recent versions of Cisco IOS Software support RFC4893 ("BGP Support for Four-octet AS Number Space") and contain two remote denial of service (DoS) vulnerabilities when handling specific Border Gateway Protocol (BGP) updates. These vulnerabilities affect only devices running Cisco IOS Software with support for four-octet AS number space (here after referred to as 4-byte AS number) and BGP routing configured. The first vulnerability could cause an affected device to reload when processing a BGP update that contains autonomous system (AS) path segments made up of more than one thousand autonomous systems. The second vulnerability could cause an affected device to reload when the affected device processes a malformed BGP update that has been crafted to trigger the issue. Cisco has released free software updates to address these vulnerabilities. No workarounds are available for the first vulnerability. A workaround is available for the second vulnerability. This advisory is posted at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml Affected Products ================= Vulnerable Products +------------------ These vulnerabilities affect only devices running Cisco IOS and Cisco IOS XE Software (here after both referred to as simply Cisco IOS) with support for RFC4893 and that have been configured for BGP routing. The software table in the section "Software Versions and Fixes" of this advisory indicates all affected Cisco IOS Software versions that have support for RFC4893 and are affected by this vulnerability. A Cisco IOS software version that has support for RFC4893 will allow configuration of AS numbers using 4 Bytes. The following example identifies a Cisco device that has 4 byte AS number support: Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#router bgp ? <1-65535> Autonomous system number <1.0-XX.YY> 4 Octets Autonomous system number Or: Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#router bgp ? <1-4294967295> Autonomous system number <1.0-XX.YY> Autonomous system number The following example identifies a Cisco device that has 2 byte AS number support: Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#router bgp ? <1-65535> Autonomous system number A router that is running the BGP process will contain a line in the configuration that defines the autonomous system number (AS number), which can be seen by issuing the command line interface (CLI) command "show running-config". The canonical textual representation of four byte AS Numbers is standardized by the IETF through RFC5396 (Textual Representation of Autonomous System (AS) Numbers). Two major ways for textual representation have been defined as ASDOT and ASPLAIN. Cisco IOS routers support both textual representations of AS numbers. For further information about textual representation of four byte AS numbers in Cisco IOS Software consult the document "Explaining 4-Byte Autonomous System (AS) ASPLAIN and ASDOT Notation for Cisco IOS" at the following link: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/white_paper_c11_516829.html Cisco IOS Software with support for RFC4893 is affected by both vulnerabilities if BGP routing is configured using either ASPLAIN or ASDOT notation. The following example identifies a Cisco device that is configured for BGP using ASPLAIN notation: router bgp 65536 The following example identifies a Cisco device that is configured for BGP using ASDOT notation: router bgp 1.0 To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L: Router#show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 14:39 by dchih !--- output truncated The following example identifies a Cisco product that is running Cisco IOS Software Release 12.4(20)T with an installed image name of C1841-ADVENTERPRISEK9-M: Router#show version Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by Cisco Systems, Inc. Compiled Thu 10-Jul-08 20:25 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in "White Paper: Cisco IOS Reference Guide" at the following link: http://www.cisco.com/warp/public/620/1.html Products Confirmed Not Vulnerable +-------------------------------- The following Cisco products are confirmed not vulnerable: * Cisco IOS Software not explicitly mentioned in this Advisory * Cisco IOS XR Software * Cisco IOS NX-OS No other Cisco products are currently known to be affected by this vulnerability. Details ======= RFC4271 has defined an AS number as a two-octet entity in BGP. RFC4893 has defined an AS number as a four-octet entity in BGP. The first vulnerability could cause an affected device to reload when processing a BGP update that contains AS path segments made up of more than one thousand autonomous systems. If an affected 4-byte AS number BGP speaker receives a BGP update from a 2-byte AS number BGP speaker that contains AS path segments made up of more than one thousand autonomous systems, the device may crash with memory corruption, and the error "%%Software-forced reload" will be displayed. The following three conditions are required for successful exploitation of this vulnerability: * Affected Cisco IOS Software device is a 4-byte AS number BGP speaker * BGP peering neighbor is a 2-byte AS number BGP speaker * BGP peering neighbor is capable of sending a BGP update with a series of greater than one thousand AS numbers Note: Note: Cisco IOS, Cisco IOS XE, Cisco NX-OS and Cisco IOS XR Software, as a 2 byte AS number BGP speaker send BGP updates with a maximum of 255 AS numbers. This vulnerability is documented in Cisco Bug ID CSCsy86021 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2009-1168. The second vulnerability could cause an affected device to reload when the affected device processes a malformed BGP update that has been crafted to trigger the issue. The following three conditions are required for successful exploitation of this vulnerability: * Affected Cisco IOS Software device is a 4-byte AS number BGP speaker * BGP peering neighbor is a 2-byte AS number BGP speaker * BGP peering neighbor is capable of sending a non-RFC compliant crafted BGP update message This vulnerability is documented in Cisco Bug ID CSCta33973 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2009-2049. Further information regarding Cisco support for 4-byte AS number is available in "Cisco IOS BGP 4-Byte ASN Support" at the following link: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/data_sheet_C78-521821.html Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss CSCsy86021: Cisco IOS Software BGP Long AS-path Vulnerability CVSS Base Score - 7.1 Access Vector Network Access Complexity Medium Authentication None Confidentiality Impact None Availability Impact Complete CVSS Temporal Score - 6.7 Exploitability Functional Remediation Level Official-Fix Report Confidence Confirmed CSCta33973: Cisco IOS Software Crafted BGP Update Message Vulnerability CVSS Base Score - 5.4 Access Vector Network Access Complexity High Authentication None Confidentiality Impact None Availability Impact Complete CVSS Temporal Score - 4.5 Exploitability Functional Remediation Level Official-Fix Report Confidence Confirmed Impact ====== Successful exploitation of the vulnerabilities described in this document may result in a reload of the device. The issue could result in repeated exploitation to cause an extended DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Each row of the Cisco IOS software table (below) names a Cisco IOS release train. If a given release train is vulnerable, then the earliest possible releases that contain the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. The "Recommended Release" column indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table. +-------------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |----------+--------------------------------------------------------| | Affected | |Recommended | |12.0-Based| First Fixed Release | Release | | Releases | | | |----------+-------------------------------------------+------------| |12.0 |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0DA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0DB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0DC |Not Vulnerable | | |----------+-------------------------------------------+------------| | |Releases up to and including 12.0(32)S11 | | | |are not vulnerable; first fixed in | | |12.0S |12.0(32)S14; | | | | | | | |Releases up to and including 12.0(33)S2 are| | | |not vulnerable; first fixed in 12.0(33)S5 | | |----------+-------------------------------------------+------------| |12.0SC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0SL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0SP |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0ST |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0SX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0SY |Releases up to and including 12.0(32)SY7 |12.0(32)SY10| | |are not vulnerable; first fixed in | | | |12.0(32)SY9a. | | |----------+-------------------------------------------+------------| |12.0SZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0T |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0W |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0WC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0WT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0WX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XI |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XN |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XS |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XW |Not Vulnerable | | |----------+-------------------------------------------+------------| | Affected | |Recommended | |12.1-Based| First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.1 based releases | |-------------------------------------------------------------------| | Affected | |Recommended | |12.2-Based| First Fixed Release | Release | | Releases | | | |----------+-------------------------------------------+------------| |12.2 |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2B |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2CX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2CY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2CZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2DA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2DD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2DX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EWA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2FX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2FY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2FZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IRA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IRB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IRC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2JA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2JK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2MB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2MC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2S |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SBC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SCA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SCB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SED |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SGA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SO |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SRA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SRB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SRC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SRD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2STE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SU |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SVA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SVC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SVD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SVE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXH |Not Vulnerable | | |----------+-------------------------------------------+------------| | |Releases up to and including 12.2(33)SXI | | |12.2SXI |are not vulnerable; CSCsy86021 first fixed | | | |in 12.2(33)SXI2; CSCta33973 first fixed in | | | |12.2(33)SXI3 | | |----------+-------------------------------------------+------------| |12.2SY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2T |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2TPC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XI |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XN |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XNA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XNB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XNC |12.2(33)XNC2 | | |----------+-------------------------------------------+------------| |12.2XND |12.2(33)XND1; available 25th August 2009 | | |----------+-------------------------------------------+------------| |12.2XO |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XS |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XU |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YN |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YO |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YP |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YS |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YU |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZP |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZU |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZYA |Not Vulnerable | | |----------+-------------------------------------------+------------| | Affected | |Recommended | |12.3-Based| First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.3 based releases | |-------------------------------------------------------------------| | Affected | |Recommended | |12.4-Based| First Fixed Release | Release | | Releases | | | |----------+-------------------------------------------+------------| |12.4 |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JDA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JDC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JDD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JMA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JMB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4MD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4MDA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4MR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4SW |Not Vulnerable | | |----------+-------------------------------------------+------------| | |Releases up to 12.4(24)T are not | | |12.4T |vulnerable; first fixed in 12.4(24)T2 | | | |available on 23-Oct-2009 | | |----------+-------------------------------------------+------------| |12.4XA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XN |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XP |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4YA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4YB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4YD |Not Vulnerable | | +-------------------------------------------------------------------+ Cisco IOS XE Release Table +------------------------- +-------------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |----------+--------------------------------------------------------| | Affected | | | 2.1 | There are no affected 2.1 based releases | | Releases | | |----------+--------------------------------------------------------| | Affected | | | 2.2 | There are no affected 2.2 based releases | | Releases | | |----------+--------------------------------------------------------| | Affected | Releases up to and including 2.3.1t are vulnerable; | | 2.3 | First fixed in 2.3.2 | | Releases | | |----------+--------------------------------------------------------+ | Affected | Releases up to and including 2.4.0 are vulnerable; | | 2.4 | First fixed in 2.4.1, available 25th August 2009 | | Releases | | +----------+--------------------------------------------------------+ Workarounds =========== For the first vulnerability, there are no workarounds on the affected device. Neighbors could be configured to discard routes that have more than one thousand AS numbers in the AS-path segments. This configuration will help prevent the further propagation of BGP updates with the AS path segments made up of greater than one thousand AS numbers. Note: Configuring "bgp maxas-limit [value]" on the affected device does not mitigate this vulnerability. For the second vulnerability, configuring "bgp maxas-limit [value]" on the affected device does mitigate this vulnerability. Cisco is recommends using a conservative value of 100 to mitigate this vulnerability. Consult the document "Protecting Border Gateway Protocol for the Enterprise" at the following link for additional best practices on protecting BGP infrastructures: http://www.cisco.com/web/about/security/intelligence/protecting_bgp.html Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt at cisco.com or security-alert at cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac at cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of malicious exploitation of either of these vulnerabilities, although we are aware of some customers who have seen the first vulnerability triggered within their infrastructures. Further investigation of those incidents seems to indicate that the vulnerability has been accidentally triggered. These vulnerabilities were discovered via internal product testing. Status of this Notice: FINAL ============================ This information is Cisco Highly Confidential - Do not redistribute. THIS IS A DRAFT VERSION OF A SECURITY NOTICE THAT CONTAINS UNRELEASED INFORMATION ABOUT CISCO PRODUCTS. DISTRIBUTION WITHIN CISCO IS LIMITED TO PERSONNEL WITH A NEED TO KNOW. THIS DRAFT MAY CONTAIN ERRORS OR OMIT IMPORTANT INFORMATION. THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce at cisco.com * first-bulletins at lists.first.org * bugtraq at securityfocus.com * vulnwatch at vulnwatch.org * cisco at spot.colorado.edu * cisco-nsp at puck.nether.net * full-disclosure at lists.grok.org.uk * comp.dcom.sys.cisco at newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +-------------------------------------------------------------------+ | Revision 1.0 | 2009-July-29 1600 | Initial public release | +-------------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFKcGNc86n/Gc8U/uARAks6AKCCWLTakna/WbNzMuIbeGPJGJHnbQCfbYEi I6XwyRZTnktw7RSnT6Y/N1E= =KmUm -----END PGP SIGNATURE-----