TITLE:
Cisco PIX/ASA/FWSM WebSense URL Filtering Bypass

SECUNIA ADVISORY ID:
SA20044

VERIFY ADVISORY:
http://secunia.com/advisories/20044/

CRITICAL:
Less critical

IMPACT:
Security Bypass

WHERE:
From local network

OPERATING SYSTEM:
Cisco PIX 6.x
http://secunia.com/product/56/
Cisco Adaptive Security Appliance (ASA) 7.x
http://secunia.com/product/6115/
Cisco PIX 7.x
http://secunia.com/product/6102/

SOFTWARE:
Cisco Firewall Services Module (FWSM) 3.x
http://secunia.com/product/8614/
Cisco Firewall Services Module (FWSM) 2.x
http://secunia.com/product/5088/

DESCRIPTION:
George D. Gal has reported a vulnerability in Cisco PIX/ASA/FWSM,
which can be exploited by malicious people to bypass certain security
restrictions.

The vulnerability is caused due to an error within the handling of
fragmented HTTP requests. This can be exploited to bypass Websense
URL filtering and gain access to restricted websites via HTTP GET
requests that are fragmented into multiple packets.

Successful exploitation requires that PIX, ASA, or FWSM are
configured to use Websense/N2H2 for content filtering.

The vulnerability has been reported in the following products:
* Cisco PIX software version 6.3.x and older.
* Cisco PIX/ASA software version 7.x.
* Cisco FWSM software version 2.3 and 3.1.

SOLUTION:
Update to the fixed versions.

FWSM version 2.3:
Update to version 2.3(4).
http://www.cisco.com/pcgi-bin/tablebuild.pl/cat6000-fwsm?psrtdcat20e2

FWSM version 3.1:
Update to version 3.1(1.7).
Contact Cisco TAC or Cisco support partner for the updates.

PIX version 6.3.x:
Update to version 6.3.5(112).
Contact Cisco TAC or Cisco support partner for the updates.

PIX/ASA version 7.x:
Update to version 7.0(5) or 7.1(2).
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix?psrtdcat20e2
http://www.cisco.com/pcgi-bin/tablebuild.pl/asa?psrtdcat20e2

PROVIDED AND/OR DISCOVERED BY:
George D. Gal

ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sr-20060508-pix.shtml

Virtual Security Research, LLC:
http://www.vsecurity.com/bulletins/advisories/2006/cisco-websense-bypass.txt
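
ADDED EXAMPLE (not part of the Secunia, Cisco or VSR advisories):
A triage check for the two conditions above: the running version is older than the fixed release for its train, and the device is configured for Websense/N2H2 URL filtering. The function names, the sample configuration and the assumption that filtering appears as "url-server" plus "filter url" lines are this example's own.

```python
import re

# Fixed releases as listed in the SOLUTION section, keyed by
# (product, release train).
FIXED = {
    ("fwsm", (2, 3)): "2.3(4)",
    ("fwsm", (3, 1)): "3.1(1.7)",
    ("pix", (6, 3)): "6.3.5(112)",
    ("pix", (7, 0)): "7.0(5)",
    ("pix", (7, 1)): "7.1(2)",
    ("asa", (7, 0)): "7.0(5)",
    ("asa", (7, 1)): "7.1(2)",
}

# Constructed sample configuration (assumed command shapes, documentation IP).
SAMPLE_CONFIG = (
    "url-server (inside) vendor websense host 192.0.2.10 timeout 5\n"
    "filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0\n"
)

def parse_version(text):
    """'7.0(4)' -> (7, 0, 4); '6.3.5(112)' -> (6, 3, 5, 112)."""
    return tuple(int(n) for n in re.findall(r"\d+", text))

def version_status(product, version):
    """Return 'vulnerable', 'fixed' or 'unlisted' for a running version."""
    product, v = product.lower(), parse_version(version)
    if len(v) < 2:
        return "unlisted"  # cannot identify the release train
    fixed = FIXED.get((product, v[:2]))
    if fixed is None:
        # "PIX 6.3.x and older": earlier PIX trains have no listed fix.
        older_pix = product == "pix" and v[:2] < (6, 3)
        return "vulnerable" if older_pix else "unlisted"
    # A shorter tuple sorts first, so 6.3(5) < 6.3.5(112).
    return "vulnerable" if v < parse_version(fixed) else "fixed"

def url_filtering_enabled(config):
    """True if the config has both a URL server and a 'filter url' rule."""
    lines = [line.strip().lower() for line in config.splitlines()]
    has_server = any(l.startswith("url-server ") for l in lines)
    has_filter = any(l.startswith("filter url ") for l in lines)
    return has_server and has_filter

def exposed(product, version, config):
    """Both advisory conditions hold: affected version and URL filtering."""
    return (version_status(product, version) == "vulnerable"
            and url_filtering_enabled(config))
```

A result of 'unlisted' means the advisory names no fixed release for that train, so the device needs a manual check against the Cisco notice.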