Cisco Application Velocity System Transparent Proxy Arbitrary Mail Relay

2006-05-10T04:17:40
ID OSVDB:25459
Type osvdb
Reporter OSVDB
Modified 2006-05-10T04:17:40

Description

Vulnerability Description

Cisco Application Velocity System contains a flaw that may allow a malicious user to establish arbitrary TCP connection. The issue is triggered when an unspecified action occurs. It is possible that the flaw may allow malicious users to circumvent network policy. One likely reason to abuse this flaw is to connect to arbitrary mail servers.

Solution Description

Upgrade to version 5.0.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Cisco Application Velocity System contains a flaw that may allow a malicious user to establish arbitrary TCP connection. The issue is triggered when an unspecified action occurs. It is possible that the flaw may allow malicious users to circumvent network policy. One likely reason to abuse this flaw is to connect to arbitrary mail servers.

References:

Vendor Specific Advisory URL Secunia Advisory ID:20079 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0257.html Keyword: spam FrSIRT Advisory: ADV-2006-1762 CVE-2006-2322 Bugtraq ID: 17937