发布日期：2000-07-12
更新日期：2000-07-12

受影响系统：

Cisco PIX Firewall 2.7
Cisco PIX Firewall 3.x
Cisco PIX Firewall 4.x
Cisco PIX Firewall 5.x

描述：

---

一个通过Cisco PIX Firewall的正常TCP连接可以被攻击者切断。攻击者只需知道源IP/端口和目的IP/端口，就可以用这些IP/端口发送一个伪造的TCP RST报文给防火墙，那么与这些IP/端口相吻合
的正常TCP连接就被重设。造成拒绝服务攻击。攻击者需要比较深入的了解CISCO PIX防火墙的状态
表，同时需要知道要切断的TCP连接的源/目的地址和端口。

这种攻击不影响其他协议的连接。

<* 来源：Cisco Security Advisory
        security-alert@cisco.com  
*>




建议：

---

CISCO建议以下版本的系统在有效时间后升级：

+-----------------------------+--------------------------+---------------+
|                             |Projected first fixed     |               |
|Affected Version             |regular release (fix will |Date Available |
|                             |carry forward into all    |               |
|                             |later versions)           |               |
+-----------------------------+--------------------------+---------------+
|All versions of Cisco Secure |                          |               |
|PIX up to version 4.2(5)     |                          |               |
|(including 2.7, 3.0, 3.1,    |           4.4(5)         |   2000-06-09  |
|4.0, 4.1)                    |                          |               |
+-----------------------------+--------------------------+---------------+
|All 4.3.x and 4.4.x versions |                          |               |
|up to and including version  |           4.4(5)         |   2000-06-09  |
|4.4(4)                       |                          |               |
+-----------------------------+--------------------------+---------------+
|Version 5.0.x up to and      |                          |               |
|including version 5.0(3)     |           5.1(2)         |   2000-06-09  |
+-----------------------------+--------------------------+---------------+
|Version 5.1.1                |           5.1(2)         |   2000-06-09  |
+-----------------------------+--------------------------+---------------+
CISCO会尽快提供其他版本的补丁程序。



浏览次数：6505
严重程度：0（网友投票）