Vulnerability Development mailing list archives
Re: Cisco PIX Firewall MailGuard Vulnerability
From: "Fabio Pietrosanti (naif)" <naif () inet it>
Date: Thu, 27 Sep 2001 03:47:05 +0200
Hi Jerome, this vulnerability was posted on bugtraq several month by me, and i worked with cisco trying their fixed version and they released the new release of pix . Now Cisco talk about another way to bypass SMTP content filtering, that's not the way i disocovered many month ago, i suppose. The new advisory it's dated 2001 September 26, look @ Bugtraq the official e-mail from cisco, because on the website this is not updated . Regards On Tue, Sep 25, 2001 at 02:42:01PM +0200, Jerome Tytgat wrote:
rather outdated... 10-5-2000... All recents - "less than one year" - binary are ok (>4.4.7, 5.1.4, 5.2.3, 5.3.1, 6.0.1). in fact the order of commands was not checked (you could send a DATA before a RCPT TO). And after sending a DATA command, command was not checked anymore. Simply send a DATA just after a HELO is refused by the mail server with a 500 error but the pix saws the DATA command and is not checking anymore commands. So the mailserver was vulnerable against attack if it has bug (such as overflow). The SMTP fixup is here to prevent use of some functions like EXPN, VRFY. _______________________________________________________________ ENERGIS Jerome Tytgat Network and Security Administrator mailto:j.tytgat () energis fr http://www.energis.fr tel : (33) 03 88 78 77 77 2, rue paul Rohmer fax : (33) 03 88 78 80 00 F-67087 Strasbourg Cedex 2 _______________________________________________________________-----Message d'origine----- De : Fabio Pietrosanti (naif) [mailto:naif () sikurezza org] Envoye : mardi 25 septembre 2001 12:06 A : vuln-dev () securityfocus com Objet : Cisco PIX Firewall MailGuard Vulnerability Hi, i have received the advisory from cisco about the vulnerability in the subject described here: http://www.cisco.com/warp/public/707/PIXfirewallSMTPfilter-pub.shtml I discovered the old mailguard vulnerability, and i would like to know if someone could explain in details about this new kind of attack against SMTP filter . Regards -- Fabio Pietrosanti ( naif ) E-mail: naif () sikurezza org - naif () blackhats it PGP Key (DSS) http://naif.itapac.net/naif.asc -- Free advertising: www.openbsd.org Multiplatform Ultra-secure OS Free Flame: IPFilter sucks !
-- Fabio Pietrosanti ( naif ) E-mail: naif () sikurezza org - naif () blackhats it PGP Key (DSS) http://naif.itapac.net/naif.asc -- Free advertising: www.openbsd.org Multiplatform Ultra-secure OS Free Flame: IPFilter sucks !
Current thread:
- Cisco PIX Firewall MailGuard Vulnerability Fabio Pietrosanti (naif) (Sep 25)
- RE: Cisco PIX Firewall MailGuard Vulnerability Jerome Tytgat (Sep 25)
- Re: Cisco PIX Firewall MailGuard Vulnerability Fabio Pietrosanti (naif) (Sep 26)
- RE: Cisco PIX Firewall MailGuard Vulnerability Jerome Tytgat (Sep 27)
- Re: Cisco PIX Firewall MailGuard Vulnerability Fabio Pietrosanti (naif) (Sep 26)
- RE: Cisco PIX Firewall MailGuard Vulnerability Jerome Tytgat (Sep 25)