Black Hat Flaw Eludes Cisco

Don't you just hate it when you finally tell someone about that computer bug you've been experiencing -- and all of a sudden, it stops happening?

That seems to be the case with a firewall vulnerability discussed at the recent Black Hat Inc. conference. Cisco Systems Inc. (Nasdaq: CSCO) says it's yet to confirm the problem, and not for lack of trying.

In a security response issued yesterday, Cisco says its Product Security Incident Response Team (PSIRT) "has been unable to reproduce this issue."

This doesn't mean the story is over, though. A Cisco spokesman says the team will continue the hunt and publish details "as they are available."

On Aug. 2, researcher Hendrik Scholz disclosed a vulnerability in Cisco's PIX firewall at the end of a presentation entitled "SIP Stack Fingerprinting and Stack Difference Attacks." He didn't divulge details of the problem or how it might be exploited. (See Cisco & Black Hat Meet Again.)

Scholz, who works for Freenet Cityline GmbH, a unit of Freenet AG, has been helping Cisco's PSIRT investigate the vulnerability.

— Craig Matsumoto, Senior Editor, Light Reading

Pete Baldwin 12/5/2012 | 3:44:10 AM
re: Black Hat Flaw Eludes Cisco

Reportedly, the PIX flaw comes up when specially crafted SIP messages go through -- similar to the "malformed packets" that open so many IOS vulnerabilities.

Anyone got a gut feeling about this they'd like to share? Is it a sign of a larger, general vulnerability in PIX (or in firewalls in general) ... or a one-off problem, considering it (apparently) can't easily be found? I'm leaning toward the latter.