[20315] in bugtraq
Re: PIX Firewall 5.1 DoS Vulnerability
daemon@ATHENA.MIT.EDU (Carson Gaspar)
Thu Apr 19 14:20:42 2001
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-ID: <4050549809.987598060@athyra>
Date: Wed, 18 Apr 2001 12:47:40 -0700
Reply-To: Carson Gaspar <carson@TALTOS.ORG>
From: Carson Gaspar <carson@TALTOS.ORG>
X-To: Adam Rothschild <asr@LATENCY.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010413140015.C24467@og.latency.net>
--On Friday, April 13, 2001 2:00 PM -0400 Adam Rothschild <asr@LATENCY.NET>
wrote:
> On Wed, Apr 11, 2001 at 04:22:33PM -0700, Scott Raymond wrote:
>> By the way, I recently upgraded a PIX 515 at work. The folks at
>> Cisco inform me that the latest software binary image, 5.3.1, is
>> broken. They suggest upgrading to 5.2.5, which has all of the
>> updates in 5.3.1, including the elimination of the DoS
>> vulnerability.
>
> Interesting; definitely the first I've heard of this. Do you have any
> details of this reported brokenness, or perhaps a Cisco bug ID to
> reference?
5.3.1 does not log port numbers of denied UDP packets. There are also
issues with SSH and HA. Someday Cisco might actually release 5.3.(n>1),
since the fix for the logging problem has already been committed to 5.3.1+,
according to their bug database, but I'm not holding my breath.
--
Carson
