http://www.vnunet.com/News/1125714 By James Middleton vnunet.com 27-09-2001 Cisco's Pix firewall has a dangerous vulnerability, according to an advisory released by the company today. The bug is in the SMTP command filtering feature, known as Mailguard, which is designed to give additional protection to the mail server. Exploiting the hole would allow an attacker to gain information about email accounts and names. The attacker may also be able to execute arbitrary code on the mail server, if it is not properly secured. Although there is not a direct workaround for this vulnerability, the company said that the potential for exploitation "can be lessened by ensuring that mail servers are secured without relying on the PIX functionality." "If that server is already well configured, and has the latest security patches and fixes from the SMTP vendor, that will minimise the potential for exploitation of this vulnerability," the advisory reads. All users of PIX firewalls with software versions 6.0(1), 5.2(5) and 5.2(4) with access to SMTP Mail services are at risk. Apparently the glitch is a failure of the command fixup protocol smtp, which is enabled by default on the firewall. More information can be found here. [1] Cisco also warned that internet firewalls do not protect against risk factors internal to a firewalled network such as social engineering, rogue internal users or additional external access points to the internal network, such as modem pools or network fax machines. As should, they should not be viewed as the only security measure necessary to ensure network integrity. [1] http://www.cisco.com/warp/public/707/PIXfirewallSMTPfilter-regression-pub.shtml - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Sep 28 2001 - 07:50:52 PDT