--On Friday, April 13, 2001 2:00 PM -0400 Adam Rothschild <asrat_private> wrote: > On Wed, Apr 11, 2001 at 04:22:33PM -0700, Scott Raymond wrote: >> By the way, I recently upgraded a PIX 515 at work. The folks at >> Cisco inform me that the latest software binary image, 5.3.1, is >> broken. They suggest upgrading to 5.2.5, which has all of the >> updates in 5.3.1, including the elimination of the DoS >> vulnerability. > > Interesting; definitely the first I've heard of this. Do you have any > details of this reported brokenness, or perhaps a Cisco bug ID to > reference? 5.3.1 does not log port numbers of denied UDP packets. There are also issues with SSH and HA. Someday Cisco might actually release 5.3.(n>1), since the fix for the logging problem has already been committed to 5.3.1+, according to their bug database, but I'm not holding my breath. -- Carson
This archive was generated by hypermail 2b30 : Thu Apr 19 2001 - 11:34:07 PDT