Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [VulnWatch] Cisco Security Advisory: IOS Heap-based Overflow Vulnerability in System Timers



> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Cisco Security Advisory: 
> ========================
> IOS Heap-based Overflow Vulnerability in System Timers
> ======================================================
> 
> Document ID: 68064
> 
> Revision 1.0
> 
> For Public Release 2005 November 2 1600 UTC (GMT)
> 
> - 
> --------------------------------------------------------------
> ---------
> 
> Contents
> ========
> 
>     Summary
>     Affected Products
>     Background Information Regarding Heap Overflows
>     Details
>     Impact
>     Software Versions and Fixes
>     Obtaining Fixed Software
>     Workarounds
>     Exploitation and Public Announcements
>     Status of This Notice: FINAL
>     Distribution
>     Revision History
>     Cisco Security Procedures
> 
> - 
> --------------------------------------------------------------
> ---------
> 
> Summary
> =======
> 
> The Cisco Internetwork Operating System (IOS) may permit 
> arbitrary code
> execution after exploitation of a heap-based buffer overflow
> vulnerability. Cisco has included additional integrity checks in its
> software, as further described below, that are intended to reduce the
> likelihood of arbitrary code execution.
> 
> Cisco has made free software available that includes the additional
> integrity checks for affected customers.
> 
> This advisory is posted at 
> http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml.
> 
> Cisco is not aware of any active exploitation of this vulnerability.
> This advisory documents changes to Cisco IOS? as a result of continued
> research related to the demonstration of the exploit for another
> vulnerability which occurred in July 2005 at the Black Hat USA
> Conference. Cisco addressed the IPv6 attack vector used in that
> demonstration in a separate advisory published on July 29, 2005.
> 
> Affected Products
> =================
> 
> This security advisory applies to all Cisco products that run 
> Cisco IOS
> Software. Any version of Cisco IOS prior to the versions listed in the
> Fixed Software table below may be susceptible to heap overflow
> exploitation.
> 
> Cisco IOS XR is not affected.
> 
> To determine the software running on a Cisco product, log in to the
> device and issue the "show version" command to display the 
> system banner.
> Cisco IOS Software will identify itself as "Internetwork Operating
> System Software" or simply "IOS". On the next line of output, 
> the image
> name will be displayed between parentheses, followed by "Version" and
> the IOS release name. Other Cisco devices will not have the 
> "show version" command or will give different output.
> 
> The following example identifies a Cisco product running IOS release
> 12.3(6) with an installed image name of C3640-I-M:
> 
>     Cisco Internetwork Operating System Software
>     IOS (tm) 3600 Software (C3640-I-M), Version 12.3(6), 
> RELEASE SOFTWARE (fc3)
> 
> 
> The next example shows a product running IOS release 
> 12.3(11)T3 with an
> image name of C3845-ADVIPSERVICESK9-M:
> 
>     Cisco IOS Software, 3800 Software 
> (C3845-ADVIPSERVICESK9-M), Version 12.3(11)T3, RELEASE SOFTWARE (fc4)
>     Technical Support: http://www.cisco.com/techsupport
>     Copyright (c) 1986-2005 by Cisco Systems, Inc.
> 
> 
> Additional information about Cisco IOS release naming can be found at
> http://www.cisco.com/warp/public/620/1.html.
> 
> No other Cisco products are currently known to be affected by the
> vulnerability addressed in this advisory.
> 
> Background Information Regarding Heap Overflows
> ===============================================
> 
> As this security advisory pertains to heap overflows, the following
> additional information is provided to aid in understanding the
> terminology used in this advisory.
> 
> RFC 2828 defines a vulnerability as "A flaw or weakness in a system's
> design, implementation, or operation and management that could be
> exploited to violate the system's security policy." The 
> threat from any
> particular vulnerability in a system or a protocol depends on the ease
> and likelihood in which the normal operations of a system can be
> disrupted or compromised. In order to minimize the threat, each
> possible attack vector for a particular vulnerability should either be
> mitigated with protections which may prevent the 
> circumstances required
> for exploitation or remediated with software that no longer contains
> the vulnerability.
> 
> Many forms of malicious software, commonly known as 
> "exploits", contain
> a payload that seeks to disrupt or compromise a system delivered
> through well-known attack vectors for particular vulnerabilities. In
> cases where it is likely that unpatched vulnerable systems exist,
> counter-measures are often employed to attempt to block any and all
> attack vectors to minimize the threat of successful exploitation. One
> popular attack method often found in the payload of exploits is known
> as a buffer overflow.
> 
> A heap-based overflow is a type of buffer overflow against a data
> structure residing within the memory heap. The memory heap is 
> a section
> of system memory used by the operating system of the device to satisfy
> the dynamic data storage requirements for currently running processes.
> In a successful heap-based overflow, the operating system fails to
> enforce bounds checking on a buffer, thus allowing for the possibility
> of overwriting adjacent locations in system memory.
> 
> The threat from buffer overflows, like the one described in this
> advisory, may be remediated in multiple ways. One way is to remove the
> particular attack vector so that it no longer exists. Another 
> way is to
> employ protections in the underlying system to minimize the
> consequences of any future buffer overflow vulnerabilities that may be
> discovered.
> 
> Details
> =======
> 
> Cisco IOS may be susceptible to remote code execution through attack
> vectors such as specific heap-based overflows in which internal
> operating system timers may execute arbitrary code from portions of
> memory that have been overwritten via exploitation.
> 
> In many cases, a heap-based overflow in Cisco IOS will simply corrupt
> system memory and trigger a system reload when detected by the "Check
> Heaps" process, which constantly monitors for such memory corruption.
> In a successful attack against an appropriate heap-based overflow, it
> is possible to achieve code execution without the device crashing
> immediately.
> 
> Cisco has devised counter-measures by implementing extra checks to
> enforce the proper integrity of system timers. This extra validation
> should reduce the possibility of heap-based overflow attack vectors
> achieving remote code execution.
> 
> These improvements have been documented in Cisco Bug ID CSCei61732. 
> 
> 
> Impact
> ======
> 
> Successful exploitations of heap-based buffer overflow vulnerabilities
> in Cisco IOS software often result in a Denial of Service because the
> exploit causes the router to crash and reload due to 
> inconsistencies in
> running memory. In some cases it is possible to overwrite areas of
> system memory and execute arbitrary code from those locations. In the
> event of successful remote code execution, device integrity will have
> been completely compromised.
> 
> Software Versions and Fixes
> ===========================
> 
> When considering software upgrades, please also consult 
> http://www.cisco.com/en/US/products/products_security_advisori
> es_listing.html
> and any subsequent advisories to determine exposure and a complete
> upgrade solution.
> 
> In all cases, customers should exercise caution to be certain the
> devices to be upgraded contain sufficient memory and that current
> hardware and software configurations will continue to be supported
> properly by the new release. If the information is not clear, contact
> the Cisco Technical Assistance Center ("TAC") for assistance.
> 
> Each row of the Cisco IOS software table (below) describes a release
> train and the platforms or products for which it is intended. If a
> given release train is vulnerable, then the earliest possible releases
> that contain the fix (the "First Fixed Release") and the anticipated
> date of availability for each are listed in the "Rebuild" and
> "Maintenance" columns. A device running a release in the given train
> that is earlier than the release in a specific column (less than the
> First Fixed Release) is known to be vulnerable. The release should be
> upgraded at least to the indicated release or a later version (greater
> than or equal to the First Fixed Release label).
> 
> For further information on the terms "Rebuild" and "Maintenance,"
> please consult the following URL: 
> http://www.cisco.com/warp/public/620/1.html.
> 
> +------------------------------------------------------+
> |   Major    |    Availability of Repaired Releases    |
> |  Release   |                                         |
> |------------+-----------------------------------------|
> |  Affected  |                    |                    |
> | 12.0-Based |      Rebuild       |    Maintenance     |
> |  Release   |                    |                    |
> |------------+--------------------+--------------------|
> | 12.0       | 12.0(28d)          |                    |
> |------------+-----------------------------------------|
> | 12.0DA     | Vulnerable; migrate to 12.2(12)DA9 or   |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.0DB     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.0DC     | Vulnerable; migrate to 12.2(15)BC2i or  |
> |            | later                                   |
> |------------+-----------------------------------------|
> |            | 12.0(28)S5         |                    |
> |            |--------------------+--------------------|
> | 12.0S      | 12.0(30)S4         |                    |
> |            |--------------------+--------------------|
> |            | 12.0(31)S1         |                    |
> |------------+-----------------------------------------|
> | 12.0SC     | Vulnerable; migrate to 12.2(15)BC2i or  |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.0SL     | Vulnerable; migrate to 12.0(31)S1 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.0SP     | Vulnerable; migrate to 12.0(31)S1 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.0ST     | Vulnerable; migrate to 12.0(31)S1 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.0SX     | Vulnerable; contact TAC                 |
> |------------+-----------------------------------------|
> | 12.0SZ     | Vulnerable; migrate to 12.0(31)S1 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.0T      | Vulnerable; migrate to 12.1(27b) or     |
> |            | later                                   |
> |------------+-----------------------------------------|
> |            | 12.0(25)W5-27d     |                    |
> |            |--------------------+--------------------|
> | 12.0W5     | 12.0(28)W5-30b     |                    |
> |            |--------------------+--------------------|
> |            | 12.0(28)W5-32a     |                    |
> |------------+--------------------+--------------------|
> | 12.0WC     | 12.0(5)WC13        |                    |
> |------------+-----------------------------------------|
> | 12.0XA     | Vulnerable; migrate to 12.1(27b) or     |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.0XB     | Vulnerable; migrate to 12.1(27b) or     |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.0XC     | Vulnerable; migrate to 12.1(27b) or     |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.0XD     | Vulnerable; migrate to 12.1(27b) or     |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.0XE     | Vulnerable; migrate to 12.1(26)E3 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.0XF     | Vulnerable; migrate to 12.1(27b) or     |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.0XG     | Vulnerable; migrate to 12.1(27b) or     |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.0XH     | Vulnerable; migrate to 12.1(27b) or     |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.0XI     | Vulnerable; migrate to 12.1(27b) or     |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.0XJ     | Vulnerable; migrate to 12.1(27b) or     |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.0XK     | Vulnerable; migrate to 12.2(31) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.0XL     | Vulnerable; migrate to 12.2(31) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.0XM     | Vulnerable; migrate to 12.1(27b) or     |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.0XN     | Vulnerable; migrate to 12.1(27b) or     |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.0XQ     | Vulnerable; migrate to 12.1(27b) or     |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.0XR     | Vulnerable; migrate to 12.2(31) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.0XS     | Vulnerable; migrate to 12.1(26)E3 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.0XV     | Vulnerable; migrate to 12.1(27b) or     |
> |            | later                                   |
> |------------+-----------------------------------------|
> | Affected   |                    |                    |
> | 12.1-Based | Rebuild            | Maintenance        |
> | Release    |                    |                    |
> |------------+--------------------+--------------------|
> | 12.1       | 12.1(27b)          |                    |
> |------------+-----------------------------------------|
> | 12.1AA     | Vulnerable; migrate to 12.2(31) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> |            | Vulnerable; for c3750-ME, migrate to    |
> | 12.1AX     | 12.2(25)EY3 or later. For c2970 and     |
> |            | 3750, migrate to 12.2(25)SEB4, 12.2(25) |
> |            | SEC2, 12.2(25)SED or later.             |
> |------------+-----------------------------------------|
> | 12.1AY     | Vulnerable; migrate to 12.1(22)EA4a,    |
> |            | 12.1(22)EA5a, 12.2(22)EA6 or later      |
> |------------+-----------------------------------------|
> | 12.1AZ     | Vulnerable; migrate to 12.1(22)EA4a,    |
> |            | 12.1(22)EA5a, 12.2(22)EA6 or later      |
> |------------+-----------------------------------------|
> | 12.1CX     | Vulnerable; migrate to 12.2(31) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1DA     | Vulnerable; migrate to 12.2(12)DA9 or   |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1DB     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1DC     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> |            | 12.1(8b)E20        |                    |
> |            |--------------------+--------------------|
> |            | 12.1(13)E17        |                    |
> | 12.1E      |--------------------+--------------------|
> |            | 12.1(23)E4         |                    |
> |            |--------------------+--------------------|
> |            | 12.1(26)E3         |                    |
> |------------+--------------------+--------------------|
> |            | 12.1(22)EA4a       | 12.1(22)EA6        |
> | 12.1EA     |--------------------+--------------------|
> |            | 12.1(22)EA5a       |                    |
> |------------+--------------------+--------------------|
> | 12.1EB     | 12.1(26)EB1        |                    |
> |------------+-----------------------------------------|
> | 12.1EC     | Vulnerable; migrate to 12.2(15)BC2i or  |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1EO     | 12.1(20)EO3,       |                    |
> |            | available 11/30/05 |                    |
> |------------+-----------------------------------------|
> | 12.1EU     | Vulnerable; migrate to 12.2(20)EU2 or   |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1EV     | Vulnerable; migrate to 12.2(26)SV1 or   |
> |            | later                                   |
> |------------+-----------------------------------------|
> |            | 12.1(12c)EW4       |                    |
> |            |--------------------+--------------------|
> |            | 12.1(13)EW4        |                    |
> | 12.1EW     |--------------------+--------------------|
> |            | 12.1(19)EW3        |                    |
> |            |--------------------+--------------------|
> |            | 12.1(20)EW4        |                    |
> |------------+-----------------------------------------|
> | 12.1EX     | Vulnerable; migrate to 12.1(26)E3 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1EY     | Vulnerable; migrate to 12.1(26)E3 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1EZ     | Vulnerable; migrate to 12.1(26)E3 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1T      | Vulnerable; migrate to 12.2(31) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1XA     | Vulnerable; migrate to 12.2(31) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1XB     | Vulnerable; migrate to 12.2(31) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1XC     | Vulnerable; migrate to 12.2(31) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1XD     | Vulnerable; migrate to 12.2(31) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1XE     | Vulnerable; migrate to 12.1(26)E3 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1XF     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1XG     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1XH     | Vulnerable; migrate to 12.2(31) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1XI     | Vulnerable; migrate to 12.2(31) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1XJ     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1XL     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1XM     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1XP     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1XQ     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1XR     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1XS     | Vulnerable; migrate to 12.2(31) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1XT     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1XU     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1XV     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1XW     | Vulnerable; migrate to 12.2(31) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1XX     | Vulnerable; migrate to 12.2(31) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1XY     | Vulnerable; migrate to 12.2(31) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1YA     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1YB     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1YC     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1YD     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1YE     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1YF     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1YH     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1YI     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.1YJ     | Vulnerable; migrate to 12.1(22)EA4a,    |
> |            | 12.1(22)EA5a, 12.1(22)EA6 or later      |
> |------------+-----------------------------------------|
> | Affected   |                    |                    |
> | 12.2-Based | Rebuild            | Maintenance        |
> | Release    |                    |                    |
> |------------+--------------------+--------------------|
> |            | 12.2(12m)          |                    |
> |            |--------------------+--------------------|
> |            | 12.2(17f)          |                    |
> |            |--------------------+--------------------|
> |            | 12.2(23f)          |                    |
> |            |--------------------+--------------------|
> | 12.2       | 12.2(26b)          |                    |
> |            |--------------------+--------------------|
> |            | 12.2(27b)          |                    |
> |            |--------------------+--------------------|
> |            | 12.2(28c)          |                    |
> |            |--------------------+--------------------|
> |            | 12.2(29a)          | 12.2(31)           |
> |------------+-----------------------------------------|
> | 12.2B      | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2BC     | 12.2(15)BC2i       |                    |
> |------------+-----------------------------------------|
> | 12.2BX     | Vulnerable; migrate to 12.3(7)XI7,      |
> |            | available 15-Nov-2005                   |
> |------------+-----------------------------------------|
> | 12.2BY     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2BZ     | Vulnerable; migrate to 12.3(7)XI7,      |
> |            | available 15-Nov-2005                   |
> |------------+-----------------------------------------|
> | 12.2CX     | Vulnerable; migrate to 12.2(15)BC2i or  |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2CY     | Vulnerable; migrate to 12.2(15)BC2i or  |
> |            | later                                   |
> |------------+-----------------------------------------|
> |            | 12.2(15)CZ3,       |                    |
> | 12.2CZ     | available          |                    |
> |            | 3-Nov-2005         |                    |
> |------------+--------------------+--------------------|
> |            | 12.2(10)DA4        |                    |
> | 12.2DA     |--------------------+--------------------|
> |            | 12.2(12)DA9        |                    |
> |------------+-----------------------------------------|
> | 12.2DD     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2DX     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2EU     | 12.2(20)EU2        |                    |
> |------------+--------------------+--------------------|
> |            | 12.2(18)EW5        |                    |
> | 12.2EW     |--------------------+--------------------|
> |            | 12.2(20)EW3        |                    |
> |------------+--------------------+--------------------|
> |            | 12.2(20)EWA3       |                    |
> |            |--------------------+--------------------|
> | 12.2EWA    | 12.2(25)EWA3       |                    |
> |            |--------------------+--------------------|
> |            | 12.2(25)EWA4       |                    |
> |------------+--------------------+--------------------|
> |            |                    | 12.2(25)EX,        |
> | 12.2EX     |                    | available          |
> |            |                    | 03-Nov-2005        |
> |------------+--------------------+--------------------|
> | 12.2EY     | 12.2(25)EY3        | Migrate to 12.2    |
> |            |                    | (25)SED            |
> |------------+-----------------------------------------|
> | 12.2EZ     | Vulnerable; migrate to 12.2(25)SEC2,    |
> |            | 12.2(25)SED or later                    |
> |------------+-----------------------------------------|
> |            |                    | 12.2(25)FX,        |
> | 12.2FX     |                    | available          |
> |            |                    | 07-Nov-2005        |
> |------------+--------------------+--------------------|
> | 12.2FY     |                    | 12.2(25)FY         |
> |------------+-----------------------------------------|
> | 12.2JA     | Vulnerable; migrate to 12.3(7)JA1 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2JK     | 12.2(15)JK5        |                    |
> |------------+--------------------+--------------------|
> | 12.2MB     | 12.2(4)MB13c       |                    |
> |------------+--------------------+--------------------|
> | 12.2MC     | 12.2(15)MC2e       |                    |
> |------------+--------------------+--------------------|
> |            | 12.2(14)S15        |                    |
> |            |--------------------+--------------------|
> |            | 12.2(18)S10        |                    |
> |            |--------------------+--------------------|
> |            | 12.2(20)S9         |                    |
> | 12.2S      |--------------------+--------------------|
> |            | 12.2(25)S6         |                    |
> |            |--------------------+--------------------|
> |            | 12.2(30)S1,        |                    |
> |            | available          |                    |
> |            | 14-Nov-2005        |                    |
> |------------+--------------------+--------------------|
> | 12.2SBC    |                    | 12.2(27)SBC        |
> |------------+--------------------+--------------------|
> |            | 12.2(25)SEB4       | 12.2(25)SED        |
> | 12.2SE     |--------------------+--------------------|
> |            | 12.2(25)SEC2       |                    |
> |------------+--------------------+--------------------|
> | 12.2SG     |                    | 12.2(25)SG         |
> |------------+--------------------+--------------------|
> | 12.2SO     | 12.2(18)SO4        |                    |
> |------------+-----------------------------------------|
> | 12.2SU     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> |            | 12.2(26)SV1        |                    |
> |            |--------------------+--------------------|
> | 12.2SV     | 12.2(27)SV1,       |                    |
> |            | available          |                    |
> |            | 15-Nov-2005        |                    |
> |------------+--------------------+--------------------|
> |            |                    | 12.2(25)SW4        |
> | 12.2SW     |--------------------+--------------------|
> |            |                    | 12.2(25)SW4a       |
> |------------+-----------------------------------------|
> | 12.2SX     | Vulnerable; migrate to 12.2(17d)SXB10   |
> |            | or later                                |
> |------------+-----------------------------------------|
> | 12.2SXA    | Vulnerable; migrate to 12.2(17d)SXB10   |
> |            | or later                                |
> |------------+-----------------------------------------|
> | 12.2SXB    | 12.2(17d)SXB10     |                    |
> |------------+--------------------+--------------------|
> | 12.2SXD    | 12.2(18)SXD6       |                    |
> |------------+--------------------+--------------------|
> | 12.2SXE    | 12.2(18)SXE3       |                    |
> |------------+--------------------+--------------------|
> | 12.2SXF    |                    | 12.2(18)SXF        |
> |------------+-----------------------------------------|
> | 12.2SY     | Vulnerable; migrate to 12.2(17d)SXB10   |
> |            | or later                                |
> |------------+-----------------------------------------|
> | 12.2SZ     | Vulnerable; migrate to 12.2(25)S6 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2T      | 12.2(15)T17        |                    |
> |------------+--------------------+--------------------|
> | 12.2TPC    | 12.2(8)TPC10a,     |                    |
> |            | available TBD      |                    |
> |------------+-----------------------------------------|
> | 12.2XA     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2XB     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2XC     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2XD     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2XE     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2XF     | Vulnerable; migrate to 12.2(15)BC2i or  |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2XG     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2XH     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2XI     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2XJ     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2XK     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2XL     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2XM     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2XN     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2XQ     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> |            | 12.2(2)XR and 12.2(4)XR vulnerable,     |
> |            | migrate to 12.3(16) or later            |
> | 12.2XR     |-----------------------------------------|
> |            | 12.2(15)XR vulnerable; migrate to 12.3  |
> |            | (7)JA1                                  |
> |------------+-----------------------------------------|
> | 12.2XS     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2XT     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2XU     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2XV     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2XW     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2YA     | 12.2(4)YA11,       |                    |
> |            | available TBD      |                    |
> |------------+-----------------------------------------|
> | 12.2YB     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2YC     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2YD     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2YE     | Vulnerable; migrate to 12.2(25)S6 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2YF     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2YG     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2YH     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2YJ     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2YK     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2YL     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2YM     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2YN     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2YO     | Vulnerable; migrate to 12.2(17d)SXB10   |
> |            | or later                                |
> |------------+-----------------------------------------|
> | 12.2YP     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2YQ     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2YR     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2YS     |                    | 12.2(15)YS         |
> |------------+-----------------------------------------|
> | 12.2YT     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2YU     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2YV     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2YW     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2YX     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2YY     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2YZ     | Vulnerable; migrate to 12.2(25)S6 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2ZA     | Vulnerable; migrate to 12.2(17d)SXB10   |
> |            | or later                                |
> |------------+-----------------------------------------|
> | 12.2ZB     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2ZC     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2ZD     | 12.2(13)ZD4        |                    |
> |------------+-----------------------------------------|
> | 12.2ZE     | Vulnerable; migrate to 12.3(16) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2ZF     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> |            | Vulnerable; migrate to 12.3(8)YG3 or    |
> | 12.2ZG     | later for SOHO9x migrate to 12.3(2)XA5  |
> |            | or later for c83x                       |
> |------------+-----------------------------------------|
> | 12.2ZH     | 12.2(13)ZH8,       |                    |
> |            | available TBD      |                    |
> |------------+-----------------------------------------|
> | 12.2ZJ     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> |            | Vulnerable; migrate to 12.3(4)XK4 or    |
> | 12.2ZL     | later for c17xx migrate to 12.4(3a) or  |
> |            | later for c3200 migrate to 12.3(7)XR6   |
> |            | or later for ICS7750                    |
> |------------+-----------------------------------------|
> | 12.2ZN     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.2ZP     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | Affected   |                    |                    |
> | 12.3-Based | Rebuild            | Maintenance        |
> | Release    |                    |                    |
> |------------+--------------------+--------------------|
> |            | 12.3(3i)           |                    |
> |            |--------------------+--------------------|
> |            | 12.3(5f)           |                    |
> |            |--------------------+--------------------|
> |            | 12.3(6f)           |                    |
> |            |--------------------+--------------------|
> |            | 12.3(9e)           |                    |
> | 12.3       |--------------------+--------------------|
> |            | 12.3(10e)          |                    |
> |            |--------------------+--------------------|
> |            | 12.3(12e)          |                    |
> |            |--------------------+--------------------|
> |            | 12.3(13b)          |                    |
> |            |--------------------+--------------------|
> |            | 12.3(15b)          | 12.3(16)           |
> |------------+-----------------------------------------|
> | 12.3B      | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> |            | 12.3(9a)BC7        |                    |
> | 12.3BC     |--------------------+--------------------|
> |            | 12.3(13a)BC1       |                    |
> |------------+-----------------------------------------|
> | 12.3BW     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> |            | 12.3(2)JA5         |                    |
> |            |--------------------+--------------------|
> | 12.3JA     | 12.3(4)JA1         |                    |
> |            |--------------------+--------------------|
> |            | 12.3(7)JA1         |                    |
> |------------+--------------------+--------------------|
> | 12.3JK     | 12.3(2)JK1         |                    |
> |------------+--------------------+--------------------|
> | 12.3JX     | 12.3(7)JX          |                    |
> |------------+--------------------+--------------------|
> |            | 12.3(7)T12         |                    |
> |            |--------------------+--------------------|
> |            | 12.3(8)T11         |                    |
> | 12.3T      |--------------------+--------------------|
> |            | 12.3(11)T8         |                    |
> |            |--------------------+--------------------|
> |            | 12.3(14)T4         |                    |
> |------------+--------------------+--------------------|
> | 12.3TPC    | 12.3(4)TPC11a      |                    |
> |------------+--------------------+--------------------|
> | 12.3XA     | 12.3(2)XA5,        |                    |
> |            | available TBD      |                    |
> |------------+-----------------------------------------|
> | 12.3XB     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.3XC     | 12.3(2)XC4         |                    |
> |------------+-----------------------------------------|
> | 12.3XD     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.3XE     | 12.3(4)XE4,        |                    |
> |            | available TBD      |                    |
> |------------+-----------------------------------------|
> | 12.3XF     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.3XG     | 12.3(4)XG5         |                    |
> |------------+-----------------------------------------|
> | 12.3XH     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> |            | 12.3(7)XI7,        |                    |
> | 12.3XI     | available          |                    |
> |            | 15-Nov-2005        |                    |
> |------------+-----------------------------------------|
> | 12.3XJ     | Vulnerable; migrate to 12.3(11)YF4 or   |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.3XK     | 12.3(4)XK4         |                    |
> |------------+-----------------------------------------|
> | 12.3XM     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.3XQ     | Vulnerable; migrate to 12.4(3a) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.3XR     | 12.3(7)XR6         |                    |
> |------------+-----------------------------------------|
> | 12.3XS     | Vulnerable; migrate to 12.4(3a) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.3XU     | Vulnerable; migrate to 12.4(2)T1 or     |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.3XW     | Vulnerable; migrate to 12.3(11)YF4 or   |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.3XX     | Vulnerable; migrate to 12.4(3a) or      |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.3XY     | Vulnerable; migrate to 12.3(14)T4 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> |            | Vulnerable; migrate to 12.4(3a) or      |
> | 12.3YA     | later for C828; migrate to 12.3(8)YG3   |
> |            | or later for SOHO9x, C83x               |
> |------------+-----------------------------------------|
> | 12.3YD     | Vulnerable; migrate to 12.4(2)T1 or     |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.3YF     | 12.3(11)YF4        |                    |
> |------------+--------------------+--------------------|
> | 12.3YG     | 12.3(8)YG3         |                    |
> |------------+-----------------------------------------|
> | 12.3YH     | Vulnerable; migrate to 12.3(8)YI3 or    |
> |            | later                                   |
> |------------+-----------------------------------------|
> | 12.3YI     | 12.3(8)YI3         |                    |
> |------------+--------------------+--------------------|
> | 12.3YJ     | 12.3(14)YQ3        |                    |
> |------------+--------------------+--------------------|
> | 12.3YK     | 12.3(11)YK2        |                    |
> |------------+--------------------+--------------------|
> | 12.3YQ     | 12.3(14)YQ3        |                    |
> |------------+--------------------+--------------------|
> | 12.3YS     | 12.3(11)YS1        |                    |
> |------------+--------------------+--------------------|
> | 12.3YT     | 12.3(14)YT1        |                    |
> |------------+--------------------+--------------------|
> | 12.3YU     | 12.3(14)YU1        |                    |
> |------------+--------------------+--------------------|
> | Affected   |                    |                    |
> | 12.4-Based | Rebuild            | Maintenance        |
> | Release    |                    |                    |
> |------------+--------------------+--------------------|
> |            | 12.4(1b)           |                    |
> | 12.4       |--------------------+--------------------|
> |            | 12.4(3a)           |                    |
> |------------+--------------------+--------------------|
> | 12.4MR     |                    | 12.4(2)MR1         |
> |------------+--------------------+--------------------|
> | 12.4T      | 12.4(2)T1          |                    |
> |------------+--------------------+--------------------|
> | 12.4XA     |                    | 12.4(2)XA          |
> |------------+--------------------+--------------------|
> |            |                    | 12.4(2)XB,         |
> | 12.4XB     |                    | available          |
> |            |                    | 18-Nov-2005        |
> +------------------------------------------------------+
> 
> Obtaining Fixed Software
> ========================
> 
> Customers with Service Contracts
> +-------------------------------
> 
> Customers with contracts should obtain upgraded software through their
> regular update channels. For most customers, this means that upgrades
> should be obtained through the Software Center on Cisco's worldwide
> website at http://www.cisco.com.
> 
> Customers using Third-party Support Organizations
> +------------------------------------------------
> 
> Customers whose Cisco products are provided or maintained 
> through prior
> or existing agreement with third-party support organizations such as
> Cisco Partners, authorized resellers, or service providers should
> contact that support organization for assistance with the upgrade,
> which should be free of charge.
> 
> Customers without Service Contracts
> +----------------------------------
> 
> Customers who purchase direct from Cisco but who do not hold a Cisco
> service contract and customers who purchase through 
> third-party vendors
> but are unsuccessful at obtaining fixed software through 
> their point of
> sale should get their upgrades by contacting the Cisco Technical
> Assistance Center (TAC). TAC contacts are as follows.
> 
>   * +1 800 553 2447 (toll free from within North America)
>   * +1 408 526 7209 (toll call from anywhere in the world)
>   * e-mail: tac@xxxxxxxxx
> 
> Please have your product serial number available and give the URL of
> this notice as evidence of your entitlement to a free upgrade. Free
> upgrades for non-contract customers must be requested through the TAC.
> 
> Please do not contact either "psirt@xxxxxxxxx" or
> "security-alert@xxxxxxxxx" for software upgrades.
> 
> See http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for
> additional TAC contact information, including special localized
> telephone numbers and instructions and e-mail addresses for use in
> various languages.
> 
> Customers may only install and expect support for the feature 
> sets they
> have purchased. By installing, downloading, accessing or otherwise
> using such software upgrades, customers agree to be bound by the terms
> of Cisco's software license terms found at 
> http://www.cisco.com/public/sw-license-agreement.html, or as 
> otherwise 
> set forth at Cisco.com Downloads at 
> http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
> 
> Workarounds
> ===========
> 
> There are no workarounds or configuration changes that will implement
> counter-measures equivalent to the increased integrity checks 
> on system
> timers that have been introduced. In order to reduce the potential for
> system timer-related arbitrary code execution, an IOS upgrade is
> necessary.
> 
> Successful exploitation requires an appropriate attack vector such as
> the vulnerability described in 
> http://www.cisco.com/warp/publics/707/cisco-sa-20050729-ipv6.shtml. 
> Vulnerability specific workarounds and mitigation steps may help to 
> minimize the threat to the device by removing or minimizing the 
> available attack vectors, but the device could still be vulnerable 
> through any other attack vectors in which a software fix or 
> mitigation 
> has not been implemented.
> 
> Exploitation and Public Announcements
> =====================================
> 
> The Cisco PSIRT is not aware of malicious use of the vulnerability
> described in this advisory. Exploit code exists for this 
> vulnerability.
> It was used in a demonstration by Mike Lynn on July 27, 2005 at the
> Black Hat USA 2005 security conference where a heap overflow via an
> IPv6 attack vector achieved remote code execution. The IPv6 attack
> vector was addressed separately in a Cisco security advisory released
> on July 29, 2005.
> 
> Status of This Notice: FINAL
> ============================
> 
> THIS ADVISORY IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
> KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF
> MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE ADVISORY OR
> MATERIALS LINKED FROM THE ADVISORY IS AT YOUR OWN RISK. CISCO RESERVES
> THE RIGHT TO CHANGE OR UPDATE THIS NOTICE AT ANY TIME.
> 
> A stand-alone copy or paraphrase of the text of this security advisory
> that omits the distribution URL in the following section is an
> uncontrolled copy, and may lack important information or contain
> factual errors.
> 
> Distribution
> ============
> 
> This advisory is posted on Cisco's worldwide website at 
> http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml.
> 
> In addition to worldwide web posting, a text version of this notice is
> clear-signed with the Cisco PSIRT PGP key and is posted to the
> following e-mail and Usenet news recipients.
> 
>   * cust-security-announce@xxxxxxxxx
>   * first-teams@xxxxxxxxx (includes CERT/CC)
>   * bugtraq@xxxxxxxxxxxxxxxxx
>   * vulnwatch@xxxxxxxxxxxxx
>   * cisco@xxxxxxxxxxxxxxxxx
>   * cisco-nsp@xxxxxxxxxxxxxxx
>   * full-disclosure@xxxxxxxxxxxxxxxxx
>   * comp.dcom.sys.cisco@xxxxxxxxxxxxxxxxxx
> 
> Future updates of this advisory, if any, will be placed on Cisco's
> worldwide website, but may or may not be actively announced on mailing
> lists or newsgroups. Users concerned about this problem are encouraged
> to check the above URL for any updates.
> 
> Revision History
> ================
> 
> +----------------------------------------------------+
> |              |            |                        |
> | Revision 1.0 | 2-Nov-2005 | Initial public release |
> |              |            |                        |
> +----------------------------------------------------+
> 
> Cisco Security Procedures
> =========================
> 
> Complete information on reporting security vulnerabilities in Cisco
> products, obtaining assistance with security incidents, and 
> registering
> to receive security information from Cisco, is available on Cisco's
> worldwide website at 
> http://www.cisco.com/en/US/products/products_security_vulnerab
> ility_policy.html.
> This includes instructions for press inquiries regarding 
> Cisco security 
> notices. All Cisco security advisories are available at 
> http://www.cisco.com/go/psirt.
> 
> - 
> --------------------------------------------------------------
> ---------
> 
> All contents are Copyright 1992-2005 Cisco Systems, Inc. All rights
> reserved. 
> 
> - 
> --------------------------------------------------------------
> ---------
> 
> Updated: Nov 02, 2005                                Document 
> ID: 68064
> 
> - 
> --------------------------------------------------------------
> ---------
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
> 
> iD8DBQFDaOt+ezGozzK2tZARArUkAKCbXRtfxKZDQ3T5x3NDU09kMiMdgACggaVp
> BH34hLlTWTtB/YyiMkOhiBY=
> =qUE2
> -----END PGP SIGNATURE-----
> 




 




Copyright © Lexa Software, 1996-2009.