CERTA-2005-AVI-470

Vulnerability from certfr_avis - Published: 2005-11-25 - Updated: 2005-11-25

A vulnerability in the Cisco PIX firewall allows a malicious user to cause a denial of service using maliciously crafted packets.

Description

A malicious user can cause a denial of service by using a maliciously crafted TCP SYN packet with an invalid checksum.

This denial of service, whose limited duration depends on the PIX configuration, is restricted to packets having the same source and destination IP addresses and ports as the maliciously crafted packet.

Temporary workaround

There is currently no patch for this vulnerability; however, Cisco has proposed several workarounds:

  • enable "TCP-intercept" mode;
  • reduce the hold-off time associated with blocked new connections.

Cisco PIX versions 6.3 and 7.0.


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eCisco Pix version 6.3 et 7.0.\u003c/p\u003e",
  "content": "## Description\n\nUn utilisateur mal intentionn\u00e9 peut r\u00e9aliser un d\u00e9ni de service via\nl\u0027utilisation d\u0027un paquet TCP-SYN malicieusement construit ayant une\nsomme de contr\u00f4le invalide.\n\nCe d\u00e9ni de service, d\u0027une dur\u00e9e limit\u00e9e li\u00e9e \u00e0 la configuration du PIX,\nest restreint aux paquets ayant les m\u00eames adresses IP, ports sources et\ndestinations que le paquet malicieusement construit.\n\n## Contournement provisoire\n\nIl n\u0027existe pour le moment aucun correctif \u00e0 cette vuln\u00e9rabilit\u00e9,\ncependant CISCO a propos\u00e9 plusieurs solutions permettant de contourner\nle probl\u00e8me :\n\n-   activer le mode \u00ab TCP-intercept \u00bb ;\n-   r\u00e9duire le temps de mise \u00e0 l\u0027\u00e9cart associ\u00e9 aux nouvelles connexions\n    bloqu\u00e9es.\n",
  "cves": [],
  "initial_release_date": "2005-11-25T00:00:00",
  "last_revision_date": "2005-11-25T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de US/CERT 853540 :",
      "url": "http://www.kb.cert.org/vuls/id/853540"
    },
    {
      "title": "CICSO Bugid CSCsc16014 :",
      "url": "http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsc16014"
    },
    {
      "title": "CISCO Bugid CSCsc14915 :",
      "url": "http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsc14915"
    },
    {
      "title": "Information sur le Forum de discussion \u00ab Full-Disclosure \u00bb",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038983.html"
    }
  ],
  "reference": "CERTA-2005-AVI-470",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2005-11-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 pr\u00e9sente sur le pare-feu PIX de CISCO permet \u00e0 un\nutilisateur mal intentionn\u00e9 de r\u00e9aliser un d\u00e9ni de service via des\npaquets malcieusement construits.\n",
  "title": "Vuln\u00e9rabilit\u00e9 du pare-feu PIX de CISCO",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Forum de discussion Full-disclosure",
      "url": null
    }
  ]
}

