Merit Network

Discussion Communities: Merit Network Email List Archives

Network Security

Cisco Secure PIX Firewall TCP Reset Vulnerability

  • From: Paul Howell
  • Date: Wed Jul 12 07:09:18 2000

At http://www.cisco.com/warp/public/707/pixtcpreset-pub.shtml


Summary

The Cisco Secure PIX Firewall cannot distinguish between a forged TCP Reset 
(RST) packet and a genuine TCP RST packet.  Any TCP/IP connection established 
through the Cisco Secure PIX Firewall can be terminated by a third party from 
the untrusted network if the connection can be uniquely determined. This 
vulnerability is independent of configuration. There is no workaround.

This vulnerability exists in all Cisco Secure PIX Firewall software releases 
up to and including 4.2(5), 4.4(4), 5.0(3) and 5.1(1).
The defect has been assigned Cisco bug ID CSCdr11711. 

This notice is posted at 
http://www.cisco.com/warp/public/707/pixtcpreset-pub.shtml 
on Cisco's Worldwide Web site. 





