Cisco puts question mark over claimed hack
Can't reproduce "really easy" firewall problem.
By Robert McMillan, IDG News Service | Published: 11:51, 16 August 2006
Cisco has called into question the existence of a "really easy" hack of its firewall software by announcing it has been unable to reproduce the claimed hack.
The alleged flaw was discovered by Hendrik Scholz, a developer with Freenet Cityline, who discussed it in a presentation at the Black Hat USA conference earlier this month.
Scholz claimed that if someone sent the PIX device a specially-crafted SIP message, the firewall would then allow attackers to send traffic to any device on the network.
"We've had engineers both within the business unit and within our PSIRT (product security incident response team) organisation looking into this," said John Noh, a Cisco spokesman. "We have not been able to replicate what he claims he has discovered."
Cisco had not ruled out the possibility that a flaw exists and is still testing its security appliances for a possible vulnerability, Noh said. But the company wanted to update customers on what it had found so far, he explained.
"This is just a response for the benefit of our customers who might have seen the press coverage."
Scholz could not be reached immediately for comment. During his presentation, the security researcher said exploiting the flaw was "really easy to do." But in an e-mail interview conducted a week later, Scholtz said that a hacker would first need to know "intimate details" about the network being attacked and have control of a device on the inside in order to pull off the attack.
