--On Friday, April 13, 2001 2:00 PM -0400 Adam Rothschild <asrLATENCY.NET>
wrote:

> On Wed, Apr 11, 2001 at 04:22:33PM -0700, Scott Raymond wrote:
>> By the way, I recently upgraded a PIX 515 at work. The folks at
>> Cisco inform me that the latest software binary image, 5.3.1, is
>> broken. They suggest upgrading to 5.2.5, which has all of the
>> updates in 5.3.1, including the elimination of the DoS
>> vulnerability.
>
> Interesting; definitely the first I've heard of this. Do you have any
> details of this reported brokenness, or perhaps a Cisco bug ID to
> reference?

5.3.1 does not log port numbers of denied UDP packets. There are also
issues with SSH and HA. Someday Cisco might actually release 5.3.(n>1),
since the fix for the logging problem has already been committed to 5.3.1+,
according to their bug database, but I'm not holding my breath.

--
Carson

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]