mailing list archives
Re: Cisco TFTPD 1.1 Vulerablity
From: Jim Duncan <jnduncan () cisco com>
Date: Mon, 18 Jun 2001 19:21:03 -0400
[Sentry Research Labs - ID0201061701]
(c) 2001 by www.sentry-labs.com
Security Bug in CISCO TFTPD server 1.1
Just for the record, I checked with my teammates and can't find any
record that you contacted the Cisco Product Security Incident Response
Team (PSIRT). We're the group that handles vulnerabilities in all
Cisco products and we're easily reachable. It would've been more
helpful if you had contacted us privately beforehand and given us an
opportunity to make fixed code available before you posted the
If you did contact someone at Cisco, could you let us know who that was
so we can follow up with that person? We'd like to make sure the
process works as best as it can. If I am in error, please correct me.
I have not yet validated the vulnerability, but will look into it as
soon as possible.
Regardless of the path the report took to get to us, we appreciate the
time and effort that goes into such reporting. Ultimately, everybody
benefits from full disclosure of product security vulnerabilities.
Jim Duncan, Product Security Incident Manager, Cisco Systems, Inc.
E-mail: <jnduncan () cisco com> Phone(Direct/FAX): +1 919 392 6209