DOS vulnerability for PIX 6.2.2

m-raft · ‎11-19-2002

I received an email from ISS Xforce detailing a vulnerability with PIX vers 6.2.2 with tcp syn packet Denial of Service if ssh or telnet is enabled. They recommend upgrading to 6.2.2.111 which they say is available on the Cisco TAC website. I have looked on the software downloads under the TAC and don't see a reference to that OS. Is this really a vulnerability with the PIX and if so is there another location that we can download the corrected OS?

Thanks

gfullage · ‎11-19-2002

That ode version is an interim release, not available on CCO. To get it you'll have to open a TAC case and reuqest someone send it to you.

I would get some more information from ISS regarding this vulnerability also and ask the TAc about it. All our security advisories are listed here (http://www.cisco.com/warp/public/707/advisory.html), I don't see one detailing what ISS is talking about.

You should not allow Telnet or SSH from the outside anyway, so unless you've done that you'll be safe (from outside attacks anyway) assuming this is a valid vulnerability.

kdurrett · ‎11-20-2002

FYI, the reported vulnerability actually involved only telnet or ssh from the inside interface and stated nothing for a issue on the outside.

Kurtis Durrett

m-raft · ‎11-20-2002

Actually, it implies all interfaces that SSH or telnet is enabled on. In the workaround section of the actual bugtraq post it suggests "Filter inbound SSH and telnet traffic targeted to the PIX external subnet address and interface address on the upstream router. " The actual test appears to have been against the internal interface but with the above statement I'm guessing that they are saying the external interface is vulnerable as well. I'm still waiting to hear from Cisco about whether they have Bug ID for this or not.