rather outdated... 10-5-2000... All recents - "less than one year" - binary are ok (>4.4.7, 5.1.4, 5.2.3, 5.3.1, 6.0.1). in fact the order of commands was not checked (you could send a DATA before a RCPT TO). And after sending a DATA command, command was not checked anymore. Simply send a DATA just after a HELO is refused by the mail server with a 500 error but the pix saws the DATA command and is not checking anymore commands. So the mailserver was vulnerable against attack if it has bug (such as overflow). The SMTP fixup is here to prevent use of some functions like EXPN, VRFY. _______________________________________________________________ ENERGIS Jerome Tytgat Network and Security Administrator mailto:j.tytgatat_private http://www.energis.fr tel : (33) 03 88 78 77 77 2, rue paul Rohmer fax : (33) 03 88 78 80 00 F-67087 Strasbourg Cedex 2 _______________________________________________________________ > -----Message d'origine----- > De : Fabio Pietrosanti (naif) [mailto:naifat_private] > Envoye : mardi 25 septembre 2001 12:06 > A : vuln-devat_private > Objet : Cisco PIX Firewall MailGuard Vulnerability > > > Hi, > > i have received the advisory from cisco about the vulnerability > in the subject > described here: > http://www.cisco.com/warp/public/707/PIXfirewallSMTPfilter-pub.shtml > > I discovered the old mailguard vulnerability, and i would like to know if > someone could explain in details about this new kind of attack > against SMTP > filter . > > Regards > > -- > > Fabio Pietrosanti ( naif ) > E-mail: naifat_private - naifat_private > PGP Key (DSS) http://naif.itapac.net/naif.asc > -- > Free advertising: www.openbsd.org Multiplatform Ultra-secure OS > Free Flame: IPFilter sucks ! >
This archive was generated by hypermail 2b30 : Tue Sep 25 2001 - 09:05:58 PDT