Vigil@nce - Cisco ASA: denial of service via ESMTP
May 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use a special sequence of ESMTP commands, during
the session closure, which overloads Cisco ASA.
Severity: 1/4
Creation date: 03/05/2012
IMPACTED PRODUCTS
– Cisco ASA Software
DESCRIPTION OF THE VULNERABILITY
The Cisco ASA firewall can inspect the ESMTP protocol, which is
used for messaging.
An attacker can use a special sequence of ESMTP commands, during
the session closure, which overloads Cisco ASA.
Technical details are unknown.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-ASA-denial-of-service-via-ESMTP-11575