Cisco Secure PIX Firewall Forged TCP RST Vulnerability
BID:1454
Info
| Bugtraq ID: | 1454 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jul 10 2000 12:00AM |
| Updated: | Jul 10 2000 12:00AM |
| Credit: | This vulnerability was originally reported to BugTraq on March 20, 2000 by Andrew Alston |
| Vulnerable: | Cisco PIX Firewall 5.1, Cisco PIX Firewall 5.0, Cisco PIX Firewall 4.4 (4), Cisco PIX Firewall 4.3, Cisco PIX Firewall 4.2.2, Cisco PIX Firewall 4.2.1, Cisco PIX Firewall 4.2 (5), Cisco PIX Firewall 4.1.6 b, Cisco PIX Firewall 4.1.6, Cisco PIX Firewall 4.0, Cisco PIX Firewall 3.1, Cisco PIX Firewall 3.0, Cisco PIX Firewall 2.7 |
| Not Vulnerable: | |
Discussion
A connection through a Cisco Secure PIX Firewall can be reset by a third party if the source and destination IP addresses and ports of the connection can be determined or inferred. This can be accomplished by sending a forged TCP Reset (RST) packet to the firewall, containing the same source and destination addresses and ports (in the TCP packet header) as the connection to be disrupted. The attacker would have to possess detailed knowledge of the connection table in the firewall (which is used to track outgoing connections and disallow any connections from the external network that were not initiated by an internal machine) or be able to otherwise determine the required IP address and port information to exploit this.
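The difference between accepting a reset on addresses and ports alone, as described above, and also validating its sequence number, shown as an added example that is not from the original advisory or from Cisco. The sequence check follows RFC 5961 and is an assumed hardened policy, not a description of the PIX fix; the table, addresses, ports and sequence numbers are constructed.

```python
from typing import NamedTuple

class Rst(NamedTuple):          # a TCP segment with the RST flag set
    src: str
    sport: int
    dst: str
    dport: int
    seq: int

class Flow(NamedTuple):         # per-connection state kept by the firewall
    rcv_nxt: int                # next sequence number expected from the sender
    rcv_wnd: int                # size of the acceptable receive window

# Constructed connection table, keyed on (src, sport, dst, dport) of the
# external peer's traffic toward the internal host.
TABLE = {("198.51.100.7", 80, "192.0.2.10", 40000): Flow(rcv_nxt=1000, rcv_wnd=65535)}

def tuple_only(pkt):
    """Behaviour the advisory describes: matching addresses and ports suffice."""
    return "teardown" if pkt[:4] in TABLE else "drop"

def seq_checked(pkt):
    """Assumed hardened policy: RFC 5961-style sequence validation."""
    flow = TABLE.get(pkt[:4])
    if flow is None:
        return "drop"
    offset = (pkt.seq - flow.rcv_nxt) % 2**32   # sequence space wraps at 2^32
    if offset == 0:
        return "teardown"                        # exact match: accept the reset
    return "challenge-ack" if offset < flow.rcv_wnd else "drop"

# Constructed RST segments.
SAMPLES = {
    "exact sequence":     Rst("198.51.100.7", 80, "192.0.2.10", 40000, 1000),
    "in window, inexact": Rst("198.51.100.7", 80, "192.0.2.10", 40000, 1500),
    "out of window":      Rst("198.51.100.7", 80, "192.0.2.10", 40000, 3_000_000_000),
    "unknown connection": Rst("198.51.100.7", 80, "192.0.2.10", 40001, 1000),
}

def compare():
    """Return {sample name: (tuple-only verdict, sequence-checked verdict)}."""
    return {name: (tuple_only(p), seq_checked(p)) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:20} tuple-only={verdicts[0]:9} seq-checked={verdicts[1]}")
```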
Exploit / POC
The following exploit was written to compile under FreeBSD by Citec Network Securities.
Solution / Fix
Solution:
Cisco plans to release updated PIX software to deal with these issues. See the Cisco advisory on this issue for details.