[c-nsp] Nasty PIX 6.3 bug
Robert Blayzor
rblayzor.bulk at inoc.net
Mon Aug 18 05:30:54 EDT 2008
If anyone still has PIX's out there running 6.3(5) we had a pair of
525's nailed by this nasty bug:
http://tinyurl.com/5wovce
We've been running 6.3 for years and only after all the recent DNS
exploits did we see this one start hitting us.
The only way to fix it is to upgrade to 7.x or get the maint/patch
train from TAC. If you have any DNS servers behind your PIX with a
lot of clients querying through your firewalls, you might want to get
this taken care of ASAP before your PIX's get jammed at 100% CPU load
indefinitely. Also stateful failover kindly transfers the 100% load
over to the standby box as well.
--
Robert Blayzor, BOFH
INOC, LLC
rblayzor at inoc.net
http://www.inoc.net/~rblayzor/
More information about the cisco-nsp
mailing list