Reported September 26, 2001, by Cisco Systems.

VERSIONS AFFECTED

  • Cisco Systems Secure PIX Firewalls with software versions 6.0(1), 5.2(5), and 5.2(4)

DESCRIPTION

Secure PIX Firewalls that provide access to SMTP mail servers might let users bypass the firewall's SMTP command filtering. When that happens, intruders can gather information about email accounts or, if the mail server has any existing vulnerabilities, exploit them.

VENDOR RESPONSE

The vendor, Cisco Systems, is offering free software upgrades to remedy this vulnerability for all affected customers. To obtain the fix, refer to Cisco's bulletin regarding this matter.

CREDIT
Discovered by Cisco Systems.