Cisco PIX Firewall prior 5.2 SMTP content filter HELP bypass 1.1
 
Plugin ID: 200
Plugin name: Cisco PIX Firewall prior 5.2 SMTP content filter HELP bypass
Plugin filename: Cisco PIX Firewall prior 5.2 SMTP content filter HELP bypass.plugin
Plugin filesize: 3644 bytes
Plugin family: Firewalls
Plugin created name: Marc Ruef
Plugin created email: marc dot ruef at computec dot ch
Plugin created web: http://www.computec.ch
Plugin created company: computec.ch
Plugin created date: 2004/09/09
Plugin updated name: Marc Ruef
Plugin updated email: marc dot ruef at computec dot ch
Plugin updated web: http://www.computec.ch
Plugin updated company: computec.ch
Plugin updated date: 2004/11/13
Plugin version: 1.1
Plugin changelog: Corrected the plugin structure and added the accuracy values in 1.1
Plugin protocol: tcp
Plugin port: 25
Plugin procedure detection: open|sleep|send HELP\n|sleep|send DATA\n|sleep|send HELP\n|sleep|close|pattern_exists 214 *
Plugin detection accuracy: 90
Plugin comment: The check is inspired by the Nessus plugin. Lincoln Yeoh wrote in his Bugtraq posting [http://www.securityfocus.com/archive/1/68903] that he found the bug in 1996 and informed the vendor, but about four generations later the flaw still exists.
Bug published name: Lincoln Yeoh
Bug published email: lyeoh at pop dot jaring dot my
Bug published date: 2000/09/19
Bug advisory: http://www.securityfocus.com/advisories/2673
Bug produced name: Cisco Systems
Bug produced email: info at cisco dot com
Bug produced web: http://www.cisco.com
Bug affected: Cisco PIX
Bug not affected: Other solutions
Bug vulnerability class: Configuration
Bug description: The target host appears to be a Cisco PIX Firewall prior to 5.2 with the SMTP content filter activated. An attacker may use this information to start further enumeration or dedicated attacks. An attacker may also bypass this content filtering by issuing a DATA command before a MAIL command, which allows direct communication with the real SMTP daemon behind the firewall.
Bug solution: You should upgrade your Cisco PIX to eliminate known vulnerabilities. See http://www.cisco.com/warp/public/707/PIXfirewallSMTPfilter-pub.shtml for more details.
Bug fixing time: Approx. 1 hour
Bug exploit availability: Yes
Bug exploit url: http://www.securityfocus.com/bid/1698/exploit/
Bug remote: Yes
Bug local: Yes
Bug severity: Medium
Bug popularity: 8
Bug simplicity: 5
Bug impact: 7
Bug risk: 7
Bug Nessus risk: Medium
Bug check tools: Nessus is able to do the same check a bit more accurately.
Source CVE: CVE-2000-1022
Source SecurityFocus BID: 1698
Source Nessus ID: 10520
Source Literature: Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
Source Misc.: http://www.securityfocus.com/archive/1/83741

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.