and from the horse's mouth!! http://www.cisco.com/warp/public/707/PIXfirewallSMTPfilter-regression-pub.sh tml
Gene C. aka C.E. Gene Connor Gene's Custom PC Service since 1989 Serving the U.S., Canada & London,England >From the start of our nation we've stood for no crap, We've handled the toughest all over the map. Osama Bin Laden, a cowardly try, Hasn't anyone told you "Let sleeping Dogs lie"? Feel the Sand on your toes, how HOT can it get. Don't celebrate now, it ain't over yet! A fire in the sky, turns the SAND INTO GLASS ! Osama Bin Laden, Kiss my AMERICAN A** -----Original Message----- From: c.e. gene connor [mailto:[EMAIL PROTECTED]] Sent: Friday, September 28, 2001 1:44 PM To: NT System Admin Issues Subject: RE: Cisco PIX Firewall Has a Hole 09-28-2001 12:37 PM sorry it took me so long to get back to you all on this, so as you would have a ulr to back up my post here!!! . had to do a search for a site that I could post to the list. I got my info from one of the "my favorite" hacking site!!! http://www.vnunet.com/News/1125714 Gene C. aka C.E. Gene Connor Gene's Custom PC Service since 1989 Serving the U.S., Canada & London,England >From the start of our nation we've stood for no crap, We've handled the toughest all over the map. Osama Bin Laden, a cowardly try, Hasn't anyone told you "Let sleeping Dogs lie"? Feel the Sand on your toes, how HOT can it get. Don't celebrate now, it ain't over yet! A fire in the sky, turns the SAND INTO GLASS ! Osama Bin Laden, Kiss my AMERICAN A** -----Original Message----- From: c.e. gene connor [mailto:[EMAIL PROTECTED]] Sent: Friday, September 28, 2001 1:20 PM To: NT System Admin Issues Subject: Cisco PIX Firewall Has a Hole 09-28-2001 12:37 PM James Middleton, Vnunet September 28, 2001 Cisco's Pix firewall has a dangerous vulnerability, according to an advisory released by the company today. The bug is in the SMTP command filtering feature, known as Mailguard, which is designed to give additional protection to the mail server. Exploiting the hole would allow an attacker to gain information about email accounts and names. The attacker may also be able to execute arbitrary code on the mail server, if it is not properly secured. Although there is not a direct workaround for this vulnerability, the company said that the potential for exploitation "can be lessened by ensuring that mail servers are secured without relying on the PIX functionality." "If that server is already well configured, and has the latest security patches and fixes from the SMTP vendor, that will minimise the potential for exploitation of this vulnerability," the advisory reads. All users of PIX firewalls with software versions 6.0(1), 5.2(5) and 5.2(4) with access to SMTP Mail services are at risk. Apparently the glitch is a failure of the command fixup protocol smtp, which is enabled by default on the firewall. More information can be found here. Cisco also warned that internet firewalls do not protect against risk factors internal to a firewalled network such as social engineering, rogue internal users or additional external access points to the internal network, such as modem pools or network fax machines. As should, they should not be viewed as the only security measure necessary to ensure network integrity. Copyright � 2001 VNU Business Online Limited (UK) [All rights reserved] Gene C. aka C.E. Gene Connor Gene's Custom PC Service since 1989 Serving the U.S., Canada & London,England >From the start of our nation we've stood for no crap, We've handled the toughest all over the map. Osama Bin Laden, a cowardly try, Hasn't anyone told you "Let sleeping Dogs lie"? Feel the Sand on your toes, how HOT can it get. Don't celebrate now, it ain't over yet! A fire in the sky, turns the SAND INTO GLASS ! Osama Bin Laden, Kiss my AMERICAN A** Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/ Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
