Hi Jerome,

this vulnerability was posted on Bugtraq several months ago by me, and I worked with Cisco trying their fixed version, and they released the new release of PIX. Now Cisco talks about another way to bypass SMTP content filtering; that's not the way I discovered many months ago, I suppose. The new advisory is dated 2001 September 26; look at Bugtraq for the official e-mail from Cisco, because on the website this is not updated.

Regards

On Tue, Sep 25, 2001 at 02:42:01PM +0200, Jerome Tytgat wrote:
> rather outdated... 10-5-2000...
>
> All recent - "less than one year" - binaries
> are OK (>4.4.7, 5.1.4, 5.2.3, 5.3.1, 6.0.1).
>
> In fact the order of commands was not checked
> (you could send a DATA before a RCPT TO).
>
> And after sending a DATA command, commands were not
> checked anymore.
>
> Simply sending a DATA just after a HELO is refused by
> the mail server with a 500 error, but the PIX saw
> the DATA command and is not checking commands anymore.
>
> So the mail server was vulnerable to attack if it had
> a bug (such as an overflow).
>
> The SMTP fixup is here to prevent use of some functions
> like EXPN, VRFY.
>
> _______________________________________________________________
> ENERGIS
> Jerome Tytgat
> Network and Security Administrator
> mailto:j.tytgatat_private    http://www.energis.fr
> tel : (33) 03 88 78 77 77    2, rue paul Rohmer
> fax : (33) 03 88 78 80 00    F-67087 Strasbourg Cedex 2
> _______________________________________________________________
>
> > -----Original Message-----
> > From: Fabio Pietrosanti (naif) [mailto:naifat_private]
> > Sent: Tuesday, 25 September 2001 12:06
> > To: vuln-devat_private
> > Subject: Cisco PIX Firewall MailGuard Vulnerability
> >
> > Hi,
> >
> > I have received the advisory from Cisco about the vulnerability
> > in the subject, described here:
> > http://www.cisco.com/warp/public/707/PIXfirewallSMTPfilter-pub.shtml
> >
> > I discovered the old MailGuard vulnerability, and I would like to know if
> > someone could explain in detail this new kind of attack
> > against the SMTP filter.
> >
> > Regards
> >
> > --
> > Fabio Pietrosanti ( naif )
> > E-mail: naifat_private - naifat_private
> > PGP Key (DSS) http://naif.itapac.net/naif.asc
> > --
> > Free advertising: www.openbsd.org Multiplatform Ultra-secure OS
> > Free Flame: IPFilter sucks !

--
Fabio Pietrosanti ( naif )
E-mail: naifat_private - naifat_private
PGP Key (DSS) http://naif.itapac.net/naif.asc
--
Free advertising: www.openbsd.org Multiplatform Ultra-secure OS
Free Flame: IPFilter sucks !
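The bypass Jerome describes, modelled as an added example (this is illustration code written for this archive page, not PIX code and not anything posted by either author). Two toy filters sit in front of a toy SMTP server: `NaiveGuard` stops inspecting as soon as it has seen a DATA verb, regardless of whether the server accepted it, so a DATA sent straight after HELO (refused by the server with a 5xx) lets later EXPN/VRFY through; `StrictGuard` enforces command order itself and only enters payload mode after the server's 354. The server states, reply codes, and the two transcripts are constructed for the example.

```python
"""Toy model of an SMTP command filter ("fixup") and the ordering bypass.

Everything here is a hypothetical model built for this illustration:
ToyServer is a minimal RFC-2821-style state machine, and the two guards
stand for the flawed and the corrected filter behaviour described in the
thread. None of it is PIX code.
"""

BLOCKED = {"EXPN", "VRFY"}  # verbs the filter is supposed to block


def verb(line):
    """First word of a command line, upper-cased ('' for a blank line)."""
    return line.split(maxsplit=1)[0].upper() if line.strip() else ""


class ToyServer:
    """Minimal mail server: enforces HELO -> MAIL -> RCPT -> DATA order."""

    def __init__(self):
        self.state = "init"
        self.seen = []  # verbs that reached the server as commands

    def handle(self, line):
        if self.state == "data":          # message body: no command parsing
            if line == ".":
                self.state = "helo"
                return 250
            return None
        v = verb(line)
        self.seen.append(v)
        if v in ("HELO", "EHLO"):
            self.state = "helo"
            return 250
        if v == "MAIL" and self.state == "helo":
            self.state = "mail"
            return 250
        if v == "RCPT" and self.state in ("mail", "rcpt"):
            self.state = "rcpt"
            return 250
        if v == "DATA" and self.state == "rcpt":
            self.state = "data"
            return 354
        if v in ("MAIL", "RCPT", "DATA"):
            return 503                    # bad sequence of commands
        if v in BLOCKED:
            return 250                    # server answers; the guard must block these
        if v == "QUIT":
            return 221
        return 500


class NaiveGuard:
    """Flawed filter: flips to payload mode on the DATA verb alone."""

    def __init__(self):
        self.in_data = False

    def handle(self, line, forward):
        if self.in_data:                  # no inspection at all from here on
            code = forward(line)
            if line == ".":
                self.in_data = False
            return code
        v = verb(line)
        if v in BLOCKED:
            return 500
        if v == "DATA":
            self.in_data = True           # BUG: set before the server accepts DATA
        return forward(line)


class StrictGuard:
    """Corrected filter: tracks order and keys payload mode on the 354 reply."""

    ORDER = {"MAIL": {"helo"}, "RCPT": {"mail", "rcpt"}, "DATA": {"rcpt"}}

    def __init__(self):
        self.in_data = False
        self.stage = "init"

    def handle(self, line, forward):
        if self.in_data:
            code = forward(line)
            if line == ".":
                self.in_data, self.stage = False, "helo"
            return code
        v = verb(line)
        if v in BLOCKED:
            return 500
        if v in self.ORDER and self.stage not in self.ORDER[v]:
            return 503                    # out of order: never forwarded
        code = forward(line)
        if v in ("HELO", "EHLO") and code == 250:
            self.stage = "helo"
        elif v in ("MAIL", "RCPT") and code == 250:
            self.stage = v.lower()
        elif v == "DATA" and code == 354:
            self.in_data = True           # only now does the body start
        return code


def run_session(guard_cls, client_lines):
    """Drive a client transcript through a guard into the toy server.
    Returns (verbs that reached the server, replies the client got)."""
    server, guard = ToyServer(), guard_cls()
    replies = [guard.handle(line, server.handle) for line in client_lines]
    return server.seen, replies


# Constructed transcripts: the bypass, and an ordinary delivery.
BYPASS = ["HELO attacker.example", "DATA", "VRFY root", "EXPN postmaster", "QUIT"]
LEGIT = ["HELO mx.example", "MAIL FROM:<a@example>", "RCPT TO:<b@example>", "DATA",
         "Subject: hi", "", "VRFY in a body is only text", ".", "QUIT"]

if __name__ == "__main__":
    for name, guard in (("naive", NaiveGuard), ("strict", StrictGuard)):
        seen, replies = run_session(guard, BYPASS)
        print(f"{name:6} server saw {seen}  replies {replies}")
```

With the naive guard the server sees `['HELO', 'DATA', 'VRFY', 'EXPN', 'QUIT']`: the refused DATA was enough to switch inspection off. With the strict guard it sees only `['HELO', 'QUIT']`, while the legitimate transcript still goes through, and a body line that happens to start with `VRFY` is never treated as a command because payload mode is tied to the server's 354.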
This archive was generated by hypermail 2b30 : Wed Sep 26 2001 - 19:30:31 PDT