Cisco can't reproduce Black Hat flaw

Cisco has not been able to reproduce an alleged security flaw in its PIX firewall appliance that was disclosed two weeks ago at Black Hat USA.

Robert McMillan (IDG News Service)
15 August, 2006 11:00
Comments

Cisco Systems has been unable to reproduce a security flaw reported in its PIX firewall appliance earlier this month, the networking company said Tuesday.

The alleged flaw was discovered by Hendrik Scholz, a developer with Freenet Cityline, who discussed it during Aug. 2 presentation at the Black Hat USA conference in Las Vegas. Freenet is a German VOIP (voice over Internet Protocol) service provider.

Scholz claimed that if someone sent the PIX device a specially crafted SIP (Session Initiation Protocol) message, the firewall would then allow attackers to send traffic to any device on the network. SIP is a protocol used to set up telephone calls and other communication sessions over the Internet.

"We've had engineers both within the business unit and within our PSIRT [product security incident response team] organization looking into this," said John Noh, a Cisco spokesman. "We have not been able to replicate what he claims he has discovered."

Cisco had not ruled out the possibility that a flaw exists and is still testing its security appliances for a possible vulnerability, Noh said. But the company wanted to update customers on what it had found so far, he explained. "This is just a response for the benefit of our customers who might have seen the press coverage."

Scholz could not be reached immediately for comment.

During his Black Hat presentation, the security researcher said that exploiting the flaw was "really easy to do." But in an e-mail interview conducted two weeks ago, Scholtz said that a hacker would first need to know "intimate details" about the network being attacked and have control of a device on the inside in order to pull off the attack.

The problem, as Scholtz described it, had to do with the PIX SIP state engine and parser.

Cisco's comments on Scholtz's findings can be found athttp://www.cisco.com/warp/public/707/cisco-sr-20060815-sip.shtml.

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email Computerworld
Follow Computerworld on twitter

More about: Cisco, Cisco Systems, FreeNet, HIS Limited

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Whitepapers

Three simple steps to better patch security

It’s estimated that 90% of successful attacks against software vulnerabilities could be prevented with an existing patch or configuration setting. Yet patching is a persistent challenge for IT managers. With the glut of patches released each year, how do you know which ones are truly critical security patches and which ones aren’t? And how can you identify which computers are actually missing the patches they need? This paper details a simple approach to patching that gives you better visibility into and control over patch assessment and compliance.

Featured Download