cisco pix firewall prior 5.2 smtp content filter help bypass.plugin

全面网络扫描器VB源代码 很实用

<plugin_id>200</plugin_id>
<plugin_name>Cisco PIX Firewall prior 5.2 SMTP content filter HELP bypass</plugin_name>
<plugin_family>Firewalls</plugin_family>
<plugin_created_date>2004/09/09</plugin_created_date>
<plugin_created_name>Marc Ruef</plugin_created_name>
<plugin_created_email>marc dot ruef at computec dot ch</plugin_created_email>
<plugin_created_web>http://www.computec.ch</plugin_created_web>
<plugin_created_company>computec.ch</plugin_created_company>
<plugin_updated_name>Marc Ruef</plugin_updated_name>
<plugin_updated_email>marc dot ruef at computec dot ch</plugin_updated_email>
<plugin_updated_web>http://www.computec.ch</plugin_updated_web>
<plugin_updated_company>computec.ch</plugin_updated_company>
<plugin_updated_date>2004/11/13</plugin_updated_date>
<plugin_version>1.1</plugin_version>
<plugin_changelog>Corrected the plugin structure and added the accuracy values in 1.1</plugin_changelog>
<plugin_protocol>tcp</plugin_protocol>
<plugin_port>25</plugin_port>
<plugin_procedure_detection>open|sleep|send HELP\n|sleep|send DATA\n|sleep|send HELP\n|sleep|close|pattern_exists 214 *</plugin_procedure_detection>
<plugin_detection_accuracy>90</plugin_detection_accuracy>
<plugin_comment>Check is inspired by the Nessus plugin. Lincoln Yeoh wrote in his Bugtraq posting [http://www.securityfocus.com/archive/1/68903] that he found the bug in 1996 and informed the vendor - But about 4 generations later is the flaw still existent...</plugin_comment>
<bug_published_name>Lincoln Yeoh</bug_published_name>
<bug_published_email>lyeoh at pop dot jaring dot my</bug_published_email>
<bug_published_date>2000/09/19</bug_published_date>
<bug_advisory>http://www.securityfocus.com/advisories/2673</bug_advisory>
<bug_produced_name>Cisco Systems</bug_produced_name>
<bug_produced_email>info at cisco dot com</bug_produced_email>
<bug_produced_web>http://www.cisco.com</bug_produced_web>
<bug_affected>Cisco PIX</bug_affected>
<bug_not_affected>Other solutions</bug_not_affected>
<bug_vulnerability_class>Configuration</bug_vulnerability_class>
<bug_description>The target host seems to be a Cisco PIX Firewall prior 5.2 with acitvated SMTP content filter. An attacker may use this information to start further enumeration or dedicated attacks. An attacker may also bypass this content filtering by issuing a DATA command before a MAIL command, that allow him to directly communicate with the real SMTP daemon.</bug_description>
<bug_solution>You should upgrade your Cisco PIX to eliminate known vulnerabilities. See http://www.cisco.com/warp/public/707/PIXfirewallSMTPfilter-pub.shtml for more details.</bug_solution>
<bug_fixing_time>Approx. 1 hour</bug_fixing_time>
<bug_exploit_availability>Yes</bug_exploit_availability>
<bug_exploit_url>http://www.securityfocus.com/bid/1698/exploit/</bug_exploit_url>
<bug_remote>Yes</bug_remote>
<bug_local>Yes</bug_local>
<bug_severity>Medium</bug_severity>
<bug_popularity>8</bug_popularity>
<bug_simplicity>5</bug_simplicity>
<bug_impact>7</bug_impact>
<bug_risk>7</bug_risk>
<bug_nessus_risk>Medium</bug_nessus_risk>
<bug_check_tool>Nessus is able to do the same check a bit more accurate.</bug_check_tool>
<source_cve>CVE-2000-1022</source_cve>
<source_securityfocus_bid>1698</source_securityfocus_bid>
<source_nessus_id>10520</source_nessus_id>
<source_literature>Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427</source_literature>
<source_misc>http://www.securityfocus.com/archive/1/83741</source_misc>