Re: PIX Firewall 5.1 DoS Vulnerability

From: Carson Gaspar (carsonat_private)
Date: Wed Apr 18 2001 - 12:47:40 PDT


    --On Friday, April 13, 2001 2:00 PM -0400 Adam Rothschild <asrat_private>
    wrote:
    
    > On Wed, Apr 11, 2001 at 04:22:33PM -0700, Scott Raymond wrote:
    >> By the way, I recently upgraded a PIX 515 at work.  The folks at
    >> Cisco inform me that the latest software binary image, 5.3.1, is
    >> broken.  They suggest upgrading to 5.2.5, which has all of the
    >> updates in 5.3.1, including the elimination of the DoS
    >> vulnerability.
    >
    > Interesting; definitely the first I've heard of this.  Do you have any
    > details of this reported brokenness, or perhaps a Cisco bug ID to
    > reference?
    
    5.3.1 does not log port numbers of denied UDP packets. There are also
    issues with SSH and HA. Someday Cisco might actually release 5.3.(n>1),
    since the fix for the logging problem has already been committed to 5.3.1+,
    according to their bug database, but I'm not holding my breath.
    
    --
    Carson
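As an added example (not part of this thread and not Cisco's code), a small check a defender could run over exported PIX syslog after an upgrade to catch the regression Carson describes: denied-UDP entries whose endpoints carry no port number. The message formats and sample lines below are constructed assumptions, not taken from the thread.

```python
import re

# Constructed sample syslog lines in the style of PIX "Deny" messages (assumed
# format: "Deny ... UDP from <ip>/<port> to <ip>/<port> ..."). Lines 3 and 4
# mimic a build that drops the port numbers from denied-UDP entries.
SAMPLE_LOG = """\
%PIX-2-106006: Deny inbound UDP from 192.0.2.10/1234 to 198.51.100.5/53 on interface outside
%PIX-2-106001: Inbound TCP connection denied from 192.0.2.11/40001 to 198.51.100.5/22 flags SYN on interface outside
%PIX-2-106006: Deny inbound UDP from 192.0.2.12 to 198.51.100.5 on interface outside
%PIX-3-106010: Deny inbound udp src outside:192.0.2.13 dst inside:198.51.100.6
"""

# An IPv4 address optionally followed by "/<port>".
ENDPOINT = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})(?:/(\d{1,5}))?")


def is_udp_deny(line):
    """True for syslog lines that record a denied UDP packet."""
    lowered = line.lower()
    return "deny" in lowered and "udp" in lowered


def endpoints_missing_ports(line):
    """Return the IP endpoints in a line that carry no port number."""
    return [ip for ip, port in ENDPOINT.findall(line) if not port]


def find_portless_udp_denies(log_text):
    """Return (line_number, line) for denied-UDP entries lacking port numbers.

    A non-empty result after a firmware change is the signal to check the
    release notes / bug database before trusting the deny logs for analysis.
    """
    hits = []
    for number, line in enumerate(log_text.splitlines(), 1):
        if is_udp_deny(line) and endpoints_missing_ports(line):
            hits.append((number, line))
    return hits


if __name__ == "__main__":
    for number, line in find_portless_udp_denies(SAMPLE_LOG):
        print(f"line {number}: UDP deny without port numbers: {line}")
```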
    



    This archive was generated by hypermail 2b30 : Thu Apr 19 2001 - 11:34:07 PDT