Cisco PIX vulnerabilities

Main Sections

	Home Archive Books Download About Us Contact Us

Download

	Antivirus Software Antivirus Updates Firewall Software Security Tools

Microsoft Warnings

		MS04-028 : Buffer Overrun in JPEG Processing (GDI+) MS04-027 : Vulnerability in WordPerfect Converter MS04-026 : Vulnerability in Exchange Server 5.5 Outlook Web Access MS04-025 : Cumulative Security Update for IE MS04-024 : Vulnerability in Windows Shell MS04-023 : Vulnerability in HTML Help MS04-022 : Vulnerability in Task Scheduler MS04-021 : Security Update for IIS 4 MS04-020 : Vulnerability in POSIX MS04-019 : Vulnerability in Utility Manager

Sun Warnings

		#220 Double Free bug in zlib compression library #219 SEA SNMP #218 Bytecode Verifier #217 Java Web Start #216 HttpURLConnection #215 snmpdx #214 dtspcd #213 login #212 rpc.ttdbserverd #211 xntpd

Cisco PIX vulnerabilities

20 nov 2002

Cisco has issued an advisory regarding two vulnerabilities in Cisco PIX.

It is possible for an attacker to hijack a VPN connection if he can succesfully spoof a victims IP address and knows the peer authentication key (group pre-shared key or group password key).

Affected versions :
<6.0.4
<6.1.4
<6.2.1

Cisco PIX may crash and reload because of a buffer overflow when handling HTTP traffic for TACACS+ or RADIUS authentication.

Affected versions :
<5.2.9
<6.0.4
<6.1.4
<6.2.2

Upgrade to one of the following versions or never:
5.2.9
6.0.4
6.1.4
6.2.2

Upgrade info: cisco.com