Cisco PIX VPN Session Hijacking Vulnerability

Published: 2002-11-20
Updated: 2002-11-20
Severity: High
Threat level: Ordinary user access privileges
Error type: Design error
Exploitation method: Server mode
BUGTRAQ ID: 6211

Affected systems
Cisco PIX Firewall 6.0 (2)

Detailed description
PIX is a hardware firewall from Cisco. The PIX firewall has a vulnerability in the way it handles VPN sessions. When processing initial contact notify messages, PIX does not delete duplicate peer-to-peer ISAKMP SAs. A remote attacker can exploit this vulnerability to carry out a session hijacking attack and gain unauthorized access to the private network. The attacker must obtain the peer authentication key in order to initiate this attack.

Test code
None

Solution
Cisco PIX Firewall 6.0 (2):
Cisco Upgrade PIX Firewall 6.0.4
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix
Cisco Upgrade PIX Firewall 6.2.1
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix

Cisco PIX Firewall 6.0 (1):
Cisco Upgrade PIX Firewall 6.0.4
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix
Cisco Upgrade PIX Firewall 6.2.1
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix

Cisco PIX Firewall 6.0:
Cisco Upgrade PIX Firewall 6.0.4
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix
Cisco Upgrade PIX Firewall 6.2.1
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix

Cisco PIX Firewall 6.0.3:
Cisco Upgrade PIX Firewall 6.0.4
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix
Cisco Upgrade PIX Firewall 6.2.1
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix

Cisco PIX Firewall 6.1 (2):
Cisco Upgrade PIX Firewall 6.1.4
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix
Cisco Upgrade PIX Firewall 6.2.1
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix

Cisco PIX Firewall 6.1:
Cisco Upgrade PIX Firewall 6.1.4
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix
Cisco Upgrade PIX Firewall 6.2.1
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix

Cisco PIX Firewall 6.1.3:
Cisco Upgrade PIX Firewall 6.1.4
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix
Cisco Upgrade PIX Firewall 6.2.1
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix

Related information
Reference: http://www.cisco.com/warp/public/707/pix-multiple-vuln-pub.shtml