[unisog] Collateral damage
jnduncan at cisco.com
Fri Jul 20 01:08:41 GMT 2001
Lucy E. Lynch writes:
> All -
> Note that "code red" attacks may also effect users running
> Cisco (675/678) DSL CPEs running any CBOS prior to 2.4.1.
> for details
Folks, please be aware of the advisories we posted on multiple CBOS
issues affecting those devices at http://www.cisco.com/go/psirt/.
Despite the fact that the advisories are from last winter, there are
still a lot of DSL customers that have not been upgraded. Those CPEs
will continue to be vulnerable to the URI used by the "Code Red" worm.
The device will *NOT* become a vector for infection. The device simply
"locks up" due to the malformed HTTP request, and the power has to be
cycled for it to resume service.
Thanks, Lucy, for making sure folks were aware of that problem.
Jim Duncan, Product Security Incident Manager, Cisco Systems, Inc.
E-mail: <jnduncan at cisco.com> Phone(Direct/FAX): +1 919 392 6209
More information about the unisog