Cisco PIX PASV Mode FTP Internal Address Disclosure

2000-10-03T00:00:00
ID OSVDB:1623
Type osvdb
Reporter OSVDB
Modified 2000-10-03T00:00:00

Description

Vulnerability Description

Cisco PIX contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when an attacker sends multiple PASV requests to a protected FTP server; the replies disclose the server's internal IP address information, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue. Cisco does not appear to have acknowledged this issue.

References:

Other Advisory URL: http://marc.theaimsgroup.com/?l=bugtraq&m=97059440000367&w=2
ISS X-Force ID: 5646
CVE-2000-1027
Bugtraq ID: 1877