CVE-2000-1022
published 2000-12-11CVE-2000-1022: The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier does not properly restrict access to SMTP commands, which allows remote attackers to…
PriorityP337high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
7.10%
93.4th percentile
The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier does not properly restrict access to SMTP commands, which allows remote attackers to execute restricted commands by sending a DATA command before sending the restricted commands.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | pix_firewall_software | — | — |
| cisco | pix_firewall_software | — | — |
| cisco | pix_firewall_software | — | — |
| cisco | pix_firewall_software | — | — |
| cisco | pix_firewall_software | — | — |
| cisco | pix_firewall_software | — | — |
| cisco | pix_firewall_software | — | — |
| cisco | pix_firewall_software | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Cisco PIX Firewall 4.x/5.x - SMTP Content Filtering Evasion
exploitdb·2000-09-19
CVE-2000-1022 Cisco PIX Firewall 4.x/5.x - SMTP Content Filtering Evasion
Cisco PIX Firewall 4.x/5.x - SMTP Content Filtering Evasion
---
source: https://www.securityfocus.com/bid/1698/info
Like other firewalls, the Cisco PIX Firewall implements technology that reads the contents of packets passing through it for application-level filtering. In the case of SMTP, it can be configured so only certain smtp commands can be allowed through (for example, dropping extra functionality, such as HELP or commands that could be a security concern, like EXPN or VRFY). When recieving messages, it allows all text through between "data" and ".", as this is where the body of the message would normally go and there could be words in it that are smtp commands which shouldn't be filtered. Due to the nature of SMTP and flaws in exceptional condition handling of PIX, it is reporte
Exploit-DB
Trend Micro Interscan VirusWall 3.2.3/3.3 - 'HELO' Remote Buffer Overflow (1)
exploitdb·1999-11-07
CVE-2001-0679 Trend Micro Interscan VirusWall 3.2.3/3.3 - 'HELO' Remote Buffer Overflow (1)
Trend Micro Interscan VirusWall 3.2.3/3.3 - 'HELO' Remote Buffer Overflow (1)
---
source: https://www.securityfocus.com/bid/787/info
There is a buffer overflow in the HELO command of the smtp gateway which ships as part of the VirusWall product. This buffer overflow could be used to launch arbitrary code on the vulnerable server.
This issue was patched by InterScan, however even with the patch it is possible to cause a DoS of the mail server software by sending between 4075 and 4090 characters.
#!/usr/bin/perl
# (c) Alain Thivillon & Stephane Aubert
# Herve Schauer Consultants 2000
# http://www.hsc.fr/
#
# Do not use this stuff against Microsoft MX hosts :)
#
# Crash Interscan SMTP Server on Windows NT Version 3.32 Builds 1011 and 1022
# Depending of debugger installed on NT, crash c
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2000-09/0222.htmlhttp://archives.neohapsis.com/archives/bugtraq/2000-09/0241.htmlhttp://www.cisco.com/warp/public/707/PIXfirewallSMTPfilter-pub.shtmlhttp://www.securityfocus.com/bid/1698https://exchange.xforce.ibmcloud.com/vulnerabilities/5277http://archives.neohapsis.com/archives/bugtraq/2000-09/0222.htmlhttp://archives.neohapsis.com/archives/bugtraq/2000-09/0241.htmlhttp://www.cisco.com/warp/public/707/PIXfirewallSMTPfilter-pub.shtmlhttp://www.securityfocus.com/bid/1698https://exchange.xforce.ibmcloud.com/vulnerabilities/5277
2000-12-11
Published