Re: Cisco PIX Firewall MailGuard Vulnerability
From: Fabio Pietrosanti (naif) (naif@inet.it)
Date: 09/27/01
- Previous message: Stanley G. Bubrouski: "Re: MMS Notification (fwd)"
- In reply to: Jerome Tytgat: "RE: Cisco PIX Firewall MailGuard Vulnerability"
- Next in thread: Jerome Tytgat: "RE: Cisco PIX Firewall MailGuard Vulnerability"
- Reply: Jerome Tytgat: "RE: Cisco PIX Firewall MailGuard Vulnerability"
Date: Thu, 27 Sep 2001 03:47:05 +0200
From: "Fabio Pietrosanti (naif)" <naif@inet.it>
To: vuln-dev@securityfocus.com
Subject: Re: Cisco PIX Firewall MailGuard Vulnerability
Message-ID: <20010927034705.A3765@inet.it>

Hi Jerome,
this vulnerability was posted on Bugtraq several months ago by me, and I worked
with Cisco trying their fixed version and they released the new release of PIX.
Now Cisco talks about another way to bypass SMTP content filtering, that's not
the way I discovered many months ago, I suppose.
The new advisory is dated 2001 September 26, look on Bugtraq for the official
e-mail from Cisco, because on the website this is not updated.
Regards
On Tue, Sep 25, 2001 at 02:42:01PM +0200, Jerome Tytgat wrote:
> rather outdated... 10-5-2000...
>
> All recent - "less than one year" - binaries
> are ok (>4.4.7, 5.1.4, 5.2.3, 5.3.1, 6.0.1).
>
> in fact the order of commands was not checked
> (you could send a DATA before a RCPT TO).
>
> And after sending a DATA command, commands were not
> checked anymore.
>
> Simply sending a DATA just after a HELO is refused by
> the mail server with a 500 error, but the PIX saw
> the DATA command and is not checking commands anymore.
>
> So the mail server was vulnerable to attack if it has
> a bug (such as an overflow).
>
> The SMTP fixup is here to prevent use of some functions
> like EXPN, VRFY.
>
> _______________________________________________________________
> ENERGIS
> Jerome Tytgat
> Network and Security Administrator
> mailto:j.tytgat@energis.fr http://www.energis.fr
> tel : (33) 03 88 78 77 77 2, rue paul Rohmer
> fax : (33) 03 88 78 80 00 F-67087 Strasbourg Cedex 2
> _______________________________________________________________
>
> > -----Original Message-----
> > From: Fabio Pietrosanti (naif) [mailto:naif@sikurezza.org]
> > Sent: Tuesday, 25 September 2001 12:06
> > To: vuln-dev@securityfocus.com
> > Subject: Cisco PIX Firewall MailGuard Vulnerability
> >
> >
> > Hi,
> >
> > I have received the advisory from Cisco about the vulnerability
> > in the subject
> > described here:
> > http://www.cisco.com/warp/public/707/PIXfirewallSMTPfilter-pub.shtml
> >
> > I discovered the old MailGuard vulnerability, and I would like to know if
> > someone could explain in detail this new kind of attack
> > against the SMTP
> > filter.
> >
> > Regards
> >
> > --
> >
> > Fabio Pietrosanti ( naif )
> > E-mail: naif@sikurezza.org - naif@blackhats.it
> > PGP Key (DSS) http://naif.itapac.net/naif.asc
> > --
> > Free advertising: www.openbsd.org Multiplatform Ultra-secure OS
> > Free Flame: IPFilter sucks !
> >
--
Fabio Pietrosanti ( naif )
E-mail: naif@sikurezza.org - naif@blackhats.it
PGP Key (DSS) http://naif.itapac.net/naif.asc
--
Free advertising: www.openbsd.org Multiplatform Ultra-secure OS
Free Flame: IPFilter sucks !
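
The state-tracking flaw described in the quoted message, next to one way to avoid it, as an added example that is not part of the original thread and is not Cisco's code. The `run_filter` function, the verdict strings and both transcripts are constructed for illustration; the assumption is that a filter should treat lines as message body only after the server answers DATA with 354.

```python
# Added illustration: a toy SMTP command filter, not the PIX implementation.
BLOCKED = {"EXPN", "VRFY"}  # commands the thread says the SMTP fixup should stop

def run_filter(transcript, trust_client_data):
    """Return a 'pass'/'block' verdict for each client line.

    transcript: list of (client_line, server_reply) pairs.
    trust_client_data=True models the flaw from the thread: the filter stops
    inspecting as soon as the client sends DATA, whatever the server answers.
    trust_client_data=False enters body mode only on a 354 reply (assumed fix).
    """
    in_body, verdicts = False, []
    for line, reply in transcript:
        if in_body:
            verdicts.append("pass")      # message body is not command-checked
            if line == ".":
                in_body = False          # end of body: resume inspection
            continue
        verb = line.split(" ", 1)[0].upper()
        if verb in BLOCKED:
            verdicts.append("block")
            continue
        verdicts.append("pass")
        if verb == "DATA" and (trust_client_data or reply.startswith("354")):
            in_body = True
    return verdicts

# Constructed transcript: DATA right after HELO, refused by the server (500).
OUT_OF_ORDER = [
    ("HELO client.example", "250"),
    ("DATA", "500"),
    ("EXPN staff", "250"),
    ("QUIT", "221"),
]

# Constructed transcript: a normal delivery, then VRFY after the body ends.
NORMAL = [
    ("HELO client.example", "250"),
    ("MAIL FROM:<a@example.org>", "250"),
    ("RCPT TO:<b@example.org>", "250"),
    ("DATA", "354"),
    ("VRFY appears in this body line", ""),
    (".", "250"),
    ("VRFY root", "252"),
    ("QUIT", "221"),
]

if __name__ == "__main__":
    print("flawed :", run_filter(OUT_OF_ORDER, trust_client_data=True))
    print("tracked:", run_filter(OUT_OF_ORDER, trust_client_data=False))
    print("normal :", run_filter(NORMAL, trust_client_data=False))
```

With the flawed setting the filter and the mail server disagree about whether a message body has started, which is why EXPN passes uninspected in the first transcript.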