Cisco firewall has a hole

[InfoSec News <isn () c4i org>]

http://www.vnunet.com/News/1125714

By James Middleton
vnunet.com 
27-09-2001

Cisco's Pix firewall has a dangerous vulnerability, according to an
advisory released by the company today.

The bug is in the SMTP command filtering feature, known as Mailguard,
which is designed to give additional protection to the mail server.

Exploiting the hole would allow an attacker to gain information about
email accounts and names. The attacker may also be able to execute
arbitrary code on the mail server, if it is not properly secured.

Although there is not a direct workaround for this vulnerability, the
company said that the potential for exploitation "can be lessened by
ensuring that mail servers are secured without relying on the PIX
functionality."

"If that server is already well configured, and has the latest
security patches and fixes from the SMTP vendor, that will minimise
the potential for exploitation of this vulnerability," the advisory
reads.

All users of PIX firewalls with software versions 6.0(1), 5.2(5) and
5.2(4) with access to SMTP Mail services are at risk.

Apparently the glitch is a failure of the command fixup protocol smtp,
which is enabled by default on the firewall.

More information can be found here. [1]

Cisco also warned that internet firewalls do not protect against risk
factors internal to a firewalled network such as social engineering,
rogue internal users or additional external access points to the
internal network, such as modem pools or network fax machines. As
should, they should not be viewed as the only security measure
necessary to ensure network integrity.

[1] http://www.cisco.com/warp/public/707/PIXfirewallSMTPfilter-regression-pub.shtml



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.