OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Cisco PIX Firewall (smtp content filtering hack) - Version 4.2(1) not exploitable
From: Leandro Dardini (ldardiniUSL4.TOSCANA.IT)
Date: Wed Sep 20 2000 - 02:49:03 CDT


I test my (old) pix box running 4.2(1) and it is not exploitable.
When I try to not complete my smtp session, issuing a "data" command before
rcpt, I receive a
503 Need RCPT (recipient)
message.
I test other permutation of helo, mail, rcpt, data command but all fails.

Leandro

----- Original Message -----
From: naif <naifINET.IT>
To: <BUGTRAQSECURITYFOCUS.COM>
Sent: Tuesday, September 19, 2000 6:27 PM
Subject: Cisco PIX Firewall (smtp content filtering hack)

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> How to escape "fixup smtp" of Cisco Pix Firewall:
>
> The Cisco Pix Firewall normally restrict some protocol
command(http,ftp,smtp) and manage
> multisession protocol(h323, ftp,sqlnet) .
> I made some test on a BSDI3.0 running sendmail9 placed in the dmz .
> The Pix version it's the latest, 5.2(1)... here the output of "show ver"
> =====================================================
> Cisco Secure PIX Firewall Version 5.2(1)
>