Slashdot Mirror


Cisco Announces Holes In PIX Firewall

iiioxx writes "Cisco Systems announced on December 15, 2003 that new security holes have been found in the PIX firewall IOS. The vulnerabilities are in SNMP and VPNC functionality, and both allow for DoS attacks against an affected firewall. Vulnerable IOS versions are 6.3.1, 6.2.2 and earlier, 6.1.4 and earlier, and 5.x.x and earlier. There are a couple of workarounds for the SNMP vulnerability, but the only way to correct the VPNC problem is to upgrade the IOS."

3 of 23 comments

  1. Re:Umm... it's not IOS by iiioxx · Score: 2, Informative

    IOS is what is run on routers. IOS == Internetwork Operating System. PIX OS is completely different. In fact, Cisco has been spending lots of time trying to make PIX OS look like IOS.

    All pedantry aside, among those in the business, "IOS" is usually considered a generic term, meaning "the software that runs on a piece of Cisco hardware". Rarely, if ever, do I hear the specific terms "PIX OS" or "CatOS" bandied about. The only other common usage is simply "software." As in, "what software is on that box?"

    So yes, the "Cisco University definition" of IOS is router-specific. But in the common usage it just means, "the software on that expensive blue boxy thing." However, feel free to nitpick to your heart's content. Just be sure to upgrade the software on your frickin' PIX.

  2. Re:Umm... it's not IOS by Maradine · Score: 2, Informative

    I'm curious what side of the business you're on. I've never heard a CCIE refer to a Cisco OS as anything other than its name.

    I think what makes things confusing for some people is the fact that many of the hardware types, especially Cats, can run multiple OSs. Hell, in the 6500 series, you can have the chassis running CatOS, its Sups running two different IOSs, and an SVC-FWM-1 in a blade bay running PIXOS (which, for the record, is named 'Finesse'). That's why things get lumped.

    The boys in my local Cisco office are all nomenclature geeks, so that might explain why everyone in this region is anal about names. Point being, to someone who spends a reasonable portion of each day inside other people's Cisco gear, saying 'IOS' to me means 'IOS'.

    --

    trustedworlds.net - gaming, security, and the gunk that lives in between

  3. WRONG!! by wizzy403 · Score: 3, Informative

    RTFA, you idiot! The security issue applies to both the blade and the standalone PIX. Mod the parent down!