Cisco PIX PASV Mode FTP Internal Address Disclosure Vulnerability
BID:1877
Info
Cisco PIX PASV Mode FTP Internal Address Disclosure Vulnerability
| Bugtraq ID: | 1877 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 03 2000 12:00AM |
| Updated: | Oct 03 2000 12:00AM |
| Credit: | Discovered by Fabio Pietrosanti (naif) <[email protected]>. Posted to Bugtraq on Oct 3, 2000. |
| Vulnerable: |
Cisco PIX Firewall 5.2 |
| Not Vulnerable: | |
Discussion
Cisco PIX PASV Mode FTP Internal Address Disclosure Vulnerability
The Cisco PIX is a popular firewall network device.
It is possible to configure the PIX so that it hides the IP address of internal ftp servers from clients connecting to it. By sending a number of requests to enter passive ftp mode (PASV) during an ftp session, the IP address will eventually be disclosed. It is not known what exactly causes this condition.
This has been verified on versions 5.2(4) and 5.2(2) of the PIX firmware and probably affects other versions.
The Cisco PIX is a popular firewall network device.
It is possible to configure the PIX so that it hides the IP address of internal ftp servers from clients connecting to it. By sending a number of requests to enter passive ftp mode (PASV) during an ftp session, the IP address will eventually be disclosed. It is not known what exactly causes this condition.
This has been verified on versions 5.2(4) and 5.2(2) of the PIX firmware and probably affects other versions.
Exploit / POC
Cisco PIX PASV Mode FTP Internal Address Disclosure Vulnerability
The following exploit was submitted by Fabio Pietrosanti (naif) <[email protected]>. It must be run many times on the victim server before the internal IP address will be disclosed.
The following exploit was submitted by Fabio Pietrosanti (naif) <[email protected]>. It must be run many times on the victim server before the internal IP address will be disclosed.
Solution / Fix
Cisco PIX PASV Mode FTP Internal Address Disclosure Vulnerability
Solution:
Currently the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Cisco PIX PASV Mode FTP Internal Address Disclosure Vulnerability
References:
References: