
Python Vulnerability in Ironports

bob.bartlett
Level 1

Are the Ironports vulnerable to the Python issue #2254?

1 Reply

Robert Sherwin
Cisco Employee

Bob -

Reviewing the Python vulnerability - I do believe you are referring to the following:

http://bugs.python.org/issue2254

Description:

================================================================================

Requesting a cgi script (in the example, test.py) without / at the beginning of the URL causes the script content/code to be returned instead of the script being executed.  It could lead to disclosure of some secret information, e.g. a password.

AsyncOS does not use the module that is affected by this Python vulnerability.  The Python source code is not included in our OS.

If there were any concerns with the cipher strength that is implemented on your appliance, we would suggest that you have the following set for your 'sslconfig' ciphers:

include medium and high cipher strengths, disable SSLv2 (optional) and disallow anonymous ciphers:

Inbound SMTP method: sslv3tlsv1

Inbound SMTP ciphers: MEDIUM:HIGH:-SSLv2:-aNULL:@STRENGTH

Outbound SMTP method: sslv3tlsv1

Outbound SMTP ciphers: MEDIUM:HIGH:-SSLv2:-aNULL:@STRENGTH

Hope this helps!

-Robert

(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)
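
The cipher strings in the reply above read as OpenSSL cipher-list rules, so they can be audited offline before being entered in 'sslconfig'. The following is an added example, not part of the original thread or of any Cisco tooling; it assumes the appliance follows OpenSSL cipher-list syntax, and the function names, the weak-class list and the second sample string are constructed for illustration.

```python
# Added example: offline audit of an OpenSSL-style cipher rule string.
# Assumption: the sslconfig cipher field follows OpenSSL cipher-list syntax.
import re

PAGE_CIPHERS = "MEDIUM:HIGH:-SSLv2:-aNULL:@STRENGTH"   # string from the reply
CONSTRUCTED_WEAK = "ALL:LOW:-aNULL:aNULL"              # constructed sample

# Class names treated as weak for this audit (illustrative, not exhaustive).
WEAK = {"LOW", "EXPORT", "EXP", "NULL", "eNULL", "aNULL", "ADH", "SSLv2", "RC4"}
OPS = {"!": "kill", "-": "delete", "+": "move_to_end"}

def parse_rules(cipher_string):
    """Split into (operator, name) rules in evaluation order.
    Separators are ':', ',' and space. '!' removes permanently, '-' removes
    but allows a later rule to add again, '+' moves to the end, '@' is a
    directive such as @STRENGTH (sort by key length)."""
    rules = []
    for token in re.split(r"[:, ]+", cipher_string.strip()):
        if not token:
            continue
        if token[0] == "@":
            rules.append(("directive", token[1:]))
        elif token[0] in OPS:
            rules.append((OPS[token[0]], token[1:]))
        else:
            rules.append(("add", token))
    return rules

def audit(cipher_string):
    """Return findings as (kind, name, detail) tuples in rule order."""
    rules, killed, findings = parse_rules(cipher_string), set(), []
    for i, (op, name) in enumerate(rules):
        if op == "kill":
            killed.add(name)
        elif op == "delete" and name in WEAK:
            # '-' is a soft exclusion: check whether a later rule adds it back.
            back = any(o == "add" and n == name for o, n in rules[i + 1:])
            findings.append(("soft-exclusion", name,
                             "re-added later" if back else "not re-added"))
        elif op == "add" and name in WEAK and name not in killed:
            findings.append(("weak-class-added", name, "rule %d" % (i + 1)))
    if ("directive", "STRENGTH") not in rules:
        findings.append(("no-strength-sort", "@STRENGTH", "rule order is kept"))
    return findings

if __name__ == "__main__":
    for sample in (PAGE_CIPHERS, CONSTRUCTED_WEAK):
        print(sample, "->", audit(sample))
```

For the string in the reply the audit reports only that SSLv2 and aNULL are excluded with `-`, which a later rule could undo, and that no later rule does so.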