patch your asa and pix boxes

If you have a Cisco ASA or Pix around, you might want to think about patching it. Cisco has released information on several vulnerabilities. Particularly interesting are a couple remote DoS attacks and an ACL implicit deny bypass.

The latter is a bit vague and scores low on the Cisco metrics for impact. In some postings I read it as an ACL to get into the device, but in other wordings I get the impression it affects firewall rules for traversing the box. Either way, hopefully you use explicit DENY and don’t rely on the implicit one.