Individual PIX Firewall sessions can be shut down by sending a specially crafted TCP RST (reset) packet to the firewall device. For an attack to be effective, the RST packet must contain valid source and destination addresses and ports that match an active session in the firewall's connection table. Therefore, an attacker without detailed knowledge of the firewall's connection table would be unable to deny service to active sessions.
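The matching rule described above can be modelled as follows. This is an added example, not Cisco code or text from the bulletin: it compares a connection table that tears a session down on an address/port match alone with one that also requires the RST's sequence number to fall inside the receive window. The sequence check is general TCP hardening assumed here for contrast, not a description of Cisco's fix, and all names and addresses are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FourTuple:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class Session:
    rcv_nxt: int  # next sequence number expected from the sender
    rcv_wnd: int  # receive window size in bytes

class ConnTable:
    """Toy stateful connection table (hypothetical model, one direction only)."""
    def __init__(self, check_seq):
        self.check_seq = check_seq  # False: match on addresses/ports only
        self.sessions = {}

    def add(self, key, rcv_nxt, rcv_wnd):
        self.sessions[key] = Session(rcv_nxt, rcv_wnd)

    def handle_rst(self, key, seq):
        sess = self.sessions.get(key)
        if sess is None:
            return "dropped: no matching session"
        if self.check_seq:
            # Distance from rcv_nxt, modulo 2**32 so sequence wraparound works.
            offset = (seq - sess.rcv_nxt) % 2**32
            if offset >= sess.rcv_wnd:
                return "dropped: sequence outside window"
        del self.sessions[key]
        return "session torn down"

def demo():
    """Feed the same three constructed RSTs to both table variants."""
    key = FourTuple("192.0.2.10", 40000, "198.51.100.5", 80)
    wrong_port = FourTuple("192.0.2.10", 40001, "198.51.100.5", 80)
    results = {}
    for name, check in (("tuple_only", False), ("tuple_and_seq", True)):
        table = ConnTable(check)
        table.add(key, rcv_nxt=1000, rcv_wnd=8192)
        results[name] = [
            table.handle_rst(wrong_port, 1000),   # no session for this tuple
            table.handle_rst(key, 3_000_000_000), # right tuple, arbitrary seq
            table.handle_rst(key, 1000),          # right tuple, in-window seq
        ]
    return results

if __name__ == "__main__":
    for variant, outcome in demo().items():
        print(variant, outcome)
```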
Cisco offers free software upgrades to correct this problem for all of their affected customers. According to Cisco's bulletin, customers with contracts should obtain upgraded software through their regular update channels. Customers without contracts should get their upgrades by contacting the Cisco Technical Assistance Center (TAC) at 800-553-2447 (toll-free from within North America) or 408-526-7209 (toll call from anywhere in the world) or e-mail: firstname.lastname@example.org