01-16-2010 11:48 AM - edited 03-06-2019 09:19 AM
Hi all
Does anyone know if IOS version 12.1(27b)E4 protects against the above vulnerability (CVE-2008-4609)?
It's the latest available version of 12.1 in Software Centre for MSFC2 for a 6509 so it probably does but I need to know for sure.
The following doc http://www.cisco.com/warp/public/707/cisco-sa-20090908-tcp24.shtml lists all software versions and fixes for most other IOS versions but doesn't specify the required version for 12.1E. It's on an old 6509 in Hybrid mode, upgrade to Native mode isn't an option at the moment.
Thanks in advance
01-16-2010 01:47 PM
I think 12.1 is considered a dead eol train at this point. That version you are looking at came out in early 2008 and that advisory late 2009 so no it would not be covered.
Update: I was correct , found this for that train. It also corresponds to the last release date which was March 2008 .
01-16-2010 02:09 PM
Thanks for replying, makes sense in terms of the dates involved. Do you know what the latest software versions you can have in Hybrid mode with Sup2/MSFC2? CatOS is 7.6(24a) as per the advisory. IOS is currently 12.1(27b)E4.
Just trying to figure out whether the IOS update required to comply with the advisory is gonna mean going to Native mode. I think anything from 12.2 onwards requires Sup720 upgrade and you guessed it, Sup upgrade not an option, the entire network is gonna be binned in 12 months but has to be compliant up till that time.
01-16-2010 05:08 PM
Unfortunetly I think your only options are going to be leave it like it is or go native . It looks like native does have an image that complies but you know the whole caveat that goes with that as far as nvram and flash capacity which will be considerably more for the native requirements. Here is the latest native image. Where I work we have a number of these under the same constraints and none of them have enough nvram and flash to upgrade so they are staying at the current version until they get replaced.
ENTERPRISE SERVICES SSH
s222-entservicesk9_wan-mz.122-18.SXF17.bin
Release Date: 30/Sep/2009
Size: 50152.04 KB (51355684 bytes)
Minimum Memory: DRAM:256 MB Flash:64 MB
Here are the bulletin fix releases so I think it falls under the fix version.
12.2SXF 12.2(18)SXF16 12.2(18)SXF17; Available on 30-SEP-2009
01-27-2010 02:06 AM
Hi there
Sorry for belated reply and thanks for your input Glen. TAC have confirmed the way to go is upgrade CatOS to 7.6(24a) and upgrade IOS to 12.2(18)SXF17, stay in Hybrid mode and upgrade any memory as required. Going to Native would be the obvious choice but the customer wants minimise time and money spent on this as they're walking away from it in Dec so they wanna avoid the big CatOS to IOS config rewrite!!
Thanks again!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: