The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Another Cisco PIX Firewall Vulnerability


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Mon, 31 Aug 1998 07:47:42 -0500
From: Brett Oliphant <Brett_M_Oliphant/[email protected]>
To: [email protected]
Subject: Another Cisco PIX Firewall Vulnerability

Overview:
     Cisco's management software for the PIX Firewall does not perform
proper checking of urls.  The compromise is any file on the management
server can be viewed with a web browser.  This could lead to other more
educated attacks against the network.

Who is Affected?:
     Any site that allows anybody to build a connection to port 8080 of the
PIX Firewall Management server.  It is not uncommon for sites to have a
conduit open through the firewall to reach this box, for the purpose of
remote administration.  I doubt this setup is recommended, but it does
happen.

Details of Exploit:
     The exact details of the exploit will be withheld until Cisco releases
the official advisory, which should be in a few days.

Fix:
     They have confirmed this bug to exist, yet have not informed me their
plan of attack.  A simple temporary solution for this would be if a conduit
does exist from the outside world to the server - remove it.  Secondly,
only run the Cisco Management service when you plan on doing configuration
changes.  Which if you can, the second idea is not a bad one to live by
even after Cisco releases a fix.


Brett Oliphant
Manager - Corporate Computer Security
Lafayette Life Insurance Company


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру