Wired put together an article about how ISS is sitting on a number of Cisco vulnerabilities. Apparently, according to Mike Lynn, there are a number of as-yet undisclosed issues with Cisco.
"That's the one that really scares me," Lynn said, noting that the bug he revealed in July only affected routers configured in certain ways or with certain features. The new one, he said, "is in a piece of code that is so critical to the system that just about every configuration will have it. It's more part of the core code and less of a feature set,"
Is it just me or does anybody else think it's bad form to spread this kind of FUD when it's somebody else's vulnerability to disclose (in this case ISS) and there's no vendor fix. Thanks Mike for getting us all frothed up and not giving us anywhere to go...