--On Friday, April 13, 2001 2:00 PM -0400 Adam Rothschild <[EMAIL PROTECTED]>
wrote:
> On Wed, Apr 11, 2001 at 04:22:33PM -0700, Scott Raymond wrote:
>> By the way, I recently upgraded a PIX 515 at work. The folks at
>> Cisco inform me that the latest software binary image, 5.3.1, is
>> broken. They suggest upgrading to 5.2.5, which has all of the
>> updates in 5.3.1, including the elimination of the DoS
>> vulnerability.
>
> Interesting; definitely the first I've heard of this. Do you have any
> details of this reported brokenness, or perhaps a Cisco bug ID to
> reference?
5.3.1 does not log port numbers of denied UDP packets. There are also
issues with SSH and HA. Someday Cisco might actually release 5.3.(n>1),
since the fix for the logging problem has already been committed to 5.3.1+,
according to their bug database, but I'm not holding my breath.
--
Carson
