Security glitch crops up in Cisco firewall
By Jim Duffy, Network World, 03/27/2000
A bug has cropped up in Cisco's firewall products that could allow unauthorized network access.
The Cisco Secure PIX Firewall interprets file transfer protocol (FTP) commands out of context and inappropriately opens temporary access through the firewall, according to a field notice on Cisco's Web site.
The field notice says that there are two vulnerabilities related to the FTP problem. The first occurs when the firewall receives an error message from an internal FTP server containing an encapsulated command. The firewall interprets it as a distinct command and thus opens a separate connection through the firewall.
The second vulnerability happens when a client inside the firewall browses to an external server and selects a link that the firewall interprets as two or more FTP commands. The client begins an FTP connection as expected and at the same time unexpectedly executes another command opening a separate connection through the firewall.
Either vulnerability can be exploited to transmit information through the firewall without authorization, the field notice says.
All users of Cisco Secure PIX Firewalls with software versions up to and including 4.2(5), 4.4(4) and 5.0(3) that provide access to FTP services are at risk from both vulnerabilities, Cisco said.
Cisco Secure PIX Firewall with software version 5.1(1) is affected by the second vulnerability only.
Fixed software and workarounds are available to address the first vulnerability, Cisco said. Fixed software is not yet available for the second vulnerability, but Cisco is providing a workaround.
The fixes and workarounds are described in the field notice. A memory hardware upgrade may be required for some of the software fixes, the field notice says.
Cisco is offering free software upgrades to remedy this vulnerability for affected customers.
Cisco says it has had no reports of malicious exploitation of this vulnerability.
-- Martin Thompson (email@example.com), March 28, 2000
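An added illustration, not part of the article or Cisco's field notice: a simplified Python model of the first vulnerability, contrasting a reply scanner that accepts FTP text out of context with one that tracks control-channel state. It assumes the temporary opening is triggered by an RFC 959 `227` passive-mode reply; the function names, addresses and sample traffic are constructed for the example.

```python
import re

# RFC 959 passive-mode reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
_PASV = re.compile(rb"227 [^\r\n()]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def _endpoint(m):
    """Turn the six decimal fields into (ip, port); None if a field exceeds 255."""
    f = [int(x) for x in m.groups()]
    if any(v > 255 for v in f):
        return None
    return ".".join(map(str, f[:4])), f[4] * 256 + f[5]

def naive_openings(events):
    """Context-free model: any 227-style text in server data opens a port."""
    found = []
    for direction, data in events:
        if direction == "server":
            found += [e for e in map(_endpoint, _PASV.finditer(data)) if e]
    return found

def strict_openings(events, server_ip):
    """Context-aware model: reassemble reply lines and require (1) an
    unanswered client PASV, (2) a line that itself starts with the 227
    code, (3) an advertised address equal to the server's own."""
    found, buf, pasv_pending = [], b"", False
    for direction, data in events:
        if direction == "client":
            pasv_pending = data.strip().upper() == b"PASV"
            continue
        buf += data
        while b"\r\n" in buf:
            line, buf = buf.split(b"\r\n", 1)
            m = _PASV.match(line)  # match() anchors at the start of the line
            ep = _endpoint(m) if m else None
            if pasv_pending and ep and ep[0] == server_ip:
                found.append(ep)
            if line[:3].isdigit() and line[3:4] == b" ":
                pasv_pending = False  # a final reply line consumes the command
    return found

SERVER = "10.0.0.5"  # constructed internal FTP server address
# Constructed traffic: an error reply that merely quotes 227-style text.
ECHOED_ERROR = [("server", b"500 'XYZ 227 Entering Passive Mode "
                           b"(10,0,0,5,4,1)': command not understood\r\n")]
# Constructed traffic: a genuine passive-mode exchange.
LEGIT = [("client", b"PASV\r\n"),
         ("server", b"227 Entering Passive Mode (10,0,0,5,19,137)\r\n")]
```

The context-free scanner reports an opening for the quoted text inside the error reply, while the stateful one only honours the reply that answers a real `PASV` and names the server's own address.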