var-200012-0083
Vulnerability from variot

The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier does not properly restrict access to SMTP commands, which allows remote attackers to execute restricted commands by sending a DATA command before sending the restricted commands. Like other firewalls, the Cisco PIX Firewall implements technology that reads the contents of packets passing through it for application-level filtering. In the case of SMTP, it can be configured so that only certain SMTP commands are allowed through (for example, dropping extra functionality such as HELP, or commands that could be a security concern, like EXPN or VRFY). When receiving messages, it allows all text through between "data" and "<CR><LF><CR><LF>.<CR><LF>", as this is where the body of the message would normally go, and the body may contain words that are SMTP commands but should not be filtered. Due to the nature of SMTP and flaws in the PIX's handling of exceptional conditions, it is reportedly possible to evade the SMTP command restrictions by tricking the firewall into thinking the body of the message is being sent when it isn't. During communication with an SMTP server, if the "data" command is sent before the required information, such as "rcpt to", has been sent, the SMTP server will return error 503, saying that rcpt was required, so the server is still expecting commands rather than a message body. The firewall, however, thinks everything is alright and will let everything through until receiving "<CR><LF><CR><LF>.<CR><LF>". Until that point the attacker can send the email server any command, including those the firewall was configured to block. A later report (apparently BID 3365 in this record's sources) notes that an old vulnerability that allowed for bypassing of SMTP content filtering has been re-introduced into PIX firmware; the original vulnerability is archived in the SecurityFocus vulnerability database as Bugtraq ID: 1698.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200012-0083",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.2\\(2\\)"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.2\\(5\\)"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.2"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.2\\(1\\)"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.4\\(4\\)"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "5.2"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "4.3"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "4.4(4)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "4.4\\(4\\)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "4.2\\(5\\)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "4.2\\(2\\)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "4.2\\(1\\)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(5)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0(1)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(3.210)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1(4.206)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.4(7.202)"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "1698"
      },
      {
        "db": "BID",
        "id": "3365"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200012-055"
      },
      {
        "db": "NVD",
        "id": "CVE-2000-1022"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Issue (SMTP Content-filtering evasion) first brought up on Bugtraq by Lincoln Yeoh \u003clyeoh@pop.jaring.my\u003e on July 9, 2000. First PIX-specific information posted to Bugtraq by naif \u003cnaif@inet.it\u003e on September 19, 2000.",
    "sources": [
      {
        "db": "BID",
        "id": "1698"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2000-1022",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2000-1022",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-2592",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2000-1022",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200012-055",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-2592",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-2592"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200012-055"
      },
      {
        "db": "NVD",
        "id": "CVE-2000-1022"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier does not properly restrict access to SMTP commands, which allows remote attackers to execute restricted commands by sending a DATA command before sending the restricted commands. Like other firewalls, the Cisco PIX Firewall implements technology that reads the contents of packets passing through it for application-level filtering. In the case of SMTP, it can be configured so only certain smtp commands can be allowed through (for example, dropping extra functionality, such as HELP or commands that could be a security concern, like EXPN or VRFY). When receiving messages, it allows all text through between \"data\" and \"\u003cCR\u003e\u003cLF\u003e\u003cCR\u003e\u003cLF\u003e.\u003cCR\u003e\u003cLF\u003e\", as this is where the body of the message would normally go and there could be words in it that are smtp commands which shouldn\u0027t be filtered. Due to the nature of SMTP and flaws in exceptional condition handling of PIX, it is reportedly possible to evade the smtp command restrictions by tricking the firewall into thinking the body of the message is being sent when it isn\u0027t. \nDuring communication with an smtp server, if the \"data\" command is sent before the more important information is sent, such as \"rcpt to\", the smtp server will return error 503, saying that rcpt was required. The firewall, however, thinks everything is alright and will let everything through until receiving \"\u003cCR\u003e\u003cLF\u003e\u003cCR\u003e\u003cLF\u003e.\u003cCR\u003e\u003cLF\u003e\". It is then possible for the attacker to do whatever he wishes on the email server. An old vulnerability that allowed for bypassing of SMTP content filtering has been re-introduced into PIX firmware.  This vulnerability is archived in the SecurityFocus vulnerability database as Bugtraq ID: 1698",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2000-1022"
      },
      {
        "db": "BID",
        "id": "1698"
      },
      {
        "db": "BID",
        "id": "3365"
      },
      {
        "db": "VULHUB",
        "id": "VHN-2592"
      }
    ],
    "trust": 1.53
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-2592",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-2592"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "1698",
        "trust": 2.3
      },
      {
        "db": "NVD",
        "id": "CVE-2000-1022",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200012-055",
        "trust": 0.7
      },
      {
        "db": "CISCO",
        "id": "20001005 CISCO SECURE PIX FIREWALL MAILGUARD VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "5277",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20000919 CISCO PIX FIREWALL (SMTP CONTENT FILTERING HACK)",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20000920 RE: CISCO PIX FIREWALL (SMTP CONTENT FILTERING HACK) - VERSION 4.2(1) NOT EXPLOITABLE",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "3365",
        "trust": 0.3
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-74116",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "20231",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-2592",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-2592"
      },
      {
        "db": "BID",
        "id": "1698"
      },
      {
        "db": "BID",
        "id": "3365"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200012-055"
      },
      {
        "db": "NVD",
        "id": "CVE-2000-1022"
      }
    ]
  },
  "id": "VAR-200012-0083",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-2592"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-08-14T14:59:34.966000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2000-1022"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/1698"
      },
      {
        "trust": 1.7,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0222.html"
      },
      {
        "trust": 1.7,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0241.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.cisco.com/warp/public/707/pixfirewallsmtpfilter-pub.shtml"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5277"
      },
      {
        "trust": 0.6,
        "url": "http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/static/5277.php"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/sec_incident_response.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www5.securityfocus.com/bid/1698"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/pixfirewallsmtpfilter-regression-pub.shtml"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-2592"
      },
      {
        "db": "BID",
        "id": "1698"
      },
      {
        "db": "BID",
        "id": "3365"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200012-055"
      },
      {
        "db": "NVD",
        "id": "CVE-2000-1022"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-2592"
      },
      {
        "db": "BID",
        "id": "1698"
      },
      {
        "db": "BID",
        "id": "3365"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200012-055"
      },
      {
        "db": "NVD",
        "id": "CVE-2000-1022"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2000-12-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-2592"
      },
      {
        "date": "2000-09-19T00:00:00",
        "db": "BID",
        "id": "1698"
      },
      {
        "date": "2001-09-26T00:00:00",
        "db": "BID",
        "id": "3365"
      },
      {
        "date": "2000-12-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200012-055"
      },
      {
        "date": "2000-12-11T05:00:00",
        "db": "NVD",
        "id": "CVE-2000-1022"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-2592"
      },
      {
        "date": "2000-09-19T00:00:00",
        "db": "BID",
        "id": "1698"
      },
      {
        "date": "2001-09-26T00:00:00",
        "db": "BID",
        "id": "3365"
      },
      {
        "date": "2005-05-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200012-055"
      },
      {
        "date": "2018-10-30T16:26:17.700000",
        "db": "NVD",
        "id": "CVE-2000-1022"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "1698"
      },
      {
        "db": "BID",
        "id": "3365"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Secure PIX Firewall Vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200012-055"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Failure to Handle Exceptional Conditions",
    "sources": [
      {
        "db": "BID",
        "id": "1698"
      },
      {
        "db": "BID",
        "id": "3365"
      }
    ],
    "trust": 0.6
  }
}

