Cisco PIX Firewall SMTP Content Filtering Evasion Vulnerability
Solution: As of 09/27/00, Cisco released an advisory on this vulnerability titled "Cisco Secure PIX Firewall Mailguard Vulnerability". This advisory is listed in its entirety within the 'Credit' section of this vulnerability entry. The fix information provided in that advisory is as follows:

Getting Fixed Software

Cisco is offering free software upgrades to remedy this vulnerability for all affected customers. Customers with service contracts may upgrade to any software version. Customers without contracts may upgrade only within a single row of the table below, except that any available fixed software will be provided to any customer who can use it and for whom the standard fixed software is not yet available. As always, customers may install only the feature sets they have purchased.

+-------------------------------------+----------------------------------+
|                                     | Fixed Regular Release available  |
| Version Affected                    | now; fix will carry forward into |
|                                     | all later releases               |
+-------------------------------------+----------------------------------+
| All versions of Cisco Secure PIX up |                                  |
| to version 4.4(5) (including 2.7,   | 4.4(6)                           |
| 3.0, 3.1, 4.0, 4.1)                 |                                  |
+-------------------------------------+----------------------------------+
| Version 5.0.x up to and including   |                                  |
| version 5.0(3)                      | 5.1(3)                           |
+-------------------------------------+----------------------------------+
| All 5.1.x up to and including       |                                  |
| version 5.1(2)*                     | 5.1(3)                           |
+-------------------------------------+----------------------------------+
| Version 5.2(1)                      | 5.2(2)                           |
+-------------------------------------+----------------------------------+

*For customers who may have engineering releases addressing specific unrelated defects, designated as 5.1(2)2xx, version 5.1(3) only includes the SMTP security fixes and does not include any other bugfixes. Customers requiring engineering releases to address specific unrelated defects will need to use 5.1(2)207 or higher, which also includes the SMTP security fixes.

Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained via the Software Center on Cisco's Worldwide Web site at http://www.cisco.com.

Customers without contracts should get their upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows:

* +1 800 553 2447 (toll-free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com

Give the URL of this notice as evidence of your entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Please do not contact either "psirt@cisco.com" or "security-alert@cisco.com" for software upgrades.

Exploitation and Public Announcements

This vulnerability was first reported to Cisco by a customer. This vulnerability has been discussed on public forums.