The bug states that it was first found in 9.0(3.2), first fixed in 9.0(3.5) and the latest interim release available for download is 9.0(3.6)
The interim releases are presumably released after the original ASA9.0(3)ED date? Is this correct?
This particular bug is not mentioned in the release notes for the latest interim release. It would be good to be able to see the release notes for the 9.0(3.5) release, which is where it should be documented
My fundamental question is can we assume that the version we are using is effectively 9.0(3.0) and therefore not vulnerable?
ASA Security Advisory - CSCui77398 - Is 9.0(3) Vulnerable?
Interim releases do not generally get their own release notes on the product support page. For ASA 9.0(3), anything with a 3._ in that last part would be an interim release. The downloads page does have the release notes for the currently available interim builds (9.0(3.6) and 9.0(3.8) in that train).
If, after reading the security advisory and analyzing its applicability to your environment, you judge it necessary to update to the interim release that addresses the vulnerability, you can download it directly or contact the TAC to obtain a copy (without service contract in the case of PSIRT-identified vulnerabilities).
I suppose of you want to see the specific release notes for 9.0(3.5) the TAC would probably be able to get you a copy of those too.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...