PIX Firewall Vulnerable to TCP RST Packets

Reported July 11 by Cisco Systems

Cisco PIX Firewall software releases 4.2(5), 4.4(4), 5.0(3) and 5.1(1)


Individual PIX Firewall sessions can be shut down by sending a specifically crafted TCP RST (reset) packet to the firewall device. In order for an attack to be effective, the RST packet must contain valid source and destination ports and addresses that match an active session in the firewall's connection table. Therefore, an attacker without detailed knowledge of the firewall's connection table would be unable to deny service to active sessions.
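The behaviour described above, as an added illustration that is not Cisco PIX code: a simplified model of a stateful firewall connection table keyed by the TCP 4-tuple. A RST whose addresses and ports match an active session tears that session down; a RST that matches nothing is dropped and counted, which is the defender's useful signal, since a burst of unmatched RSTs arriving at the firewall is worth alerting on. The session key and packets are constructed sample data.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set


@dataclass(frozen=True)
class SessionKey:
    """Identity of a tracked TCP session: the source/destination 4-tuple."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def reversed(self) -> "SessionKey":
        # Same session seen from the other peer's direction.
        return SessionKey(self.dst_ip, self.dst_port, self.src_ip, self.src_port)


@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: str  # e.g. "RST" or "ACK"

    def key(self) -> SessionKey:
        return SessionKey(self.src_ip, self.src_port, self.dst_ip, self.dst_port)


class ConnectionTable:
    """Simplified model (not PIX code) of a firewall's active-session table.

    A RST only affects the session whose 4-tuple it matches, in either
    direction; anything else is dropped and counted for detection purposes.
    """

    def __init__(self) -> None:
        self.sessions: Set[SessionKey] = set()
        self.unmatched_rsts = 0  # RSTs that matched no active session

    def add(self, key: SessionKey) -> None:
        self.sessions.add(key)

    def _lookup(self, pkt: Packet) -> Optional[SessionKey]:
        key = pkt.key()
        if key in self.sessions:
            return key
        if key.reversed() in self.sessions:
            return key.reversed()
        return None

    def handle(self, pkt: Packet) -> str:
        """Return what the firewall does with the packet."""
        match = self._lookup(pkt)
        if "RST" in pkt.flags:
            if match is None:
                self.unmatched_rsts += 1
                return "dropped"
            self.sessions.remove(match)  # the reset kills the tracked session
            return "torn-down"
        return "forwarded" if match is not None else "dropped"


def demo() -> Dict[str, object]:
    """Walk one active session through a non-matching and a matching RST."""
    table = ConnectionTable()
    # Constructed sample session: an inside client talking to an outside web server.
    active = SessionKey("10.0.0.5", 40000, "192.0.2.10", 80)
    table.add(active)

    results: Dict[str, object] = {}
    # Ordinary data packet on the tracked session passes.
    results["data"] = table.handle(Packet("10.0.0.5", 40000, "192.0.2.10", 80, "ACK"))
    # RST with the wrong source port matches no session: dropped and counted.
    results["wrong_port"] = table.handle(Packet("10.0.0.5", 40001, "192.0.2.10", 80, "RST"))
    # RST from the server side that matches the session: the session is torn down.
    results["matching"] = table.handle(Packet("192.0.2.10", 80, "10.0.0.5", 40000, "RST"))
    results["sessions_left"] = len(table.sessions)
    results["unmatched_rsts"] = table.unmatched_rsts
    return results


if __name__ == "__main__":
    print(demo())
```

The model only checks the 4-tuple, which is exactly the condition the advisory gives; a real firewall can additionally validate the RST's sequence number against the session's receive window, which is the kind of check that makes a matching 4-tuple alone insufficient.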



Cisco offers free software upgrades to correct this problem for all of their affected customers. According to Cisco's bulletin, customers with contracts should obtain upgraded software through their regular update channels. Customers without contracts should get their upgrades by contacting the Cisco Technical Assistance Center (TAC) at 800-553-2447 (toll-free from within North America) or 408-526-7209 (toll call from anywhere in the world) or by e-mail: [email protected]

Additional contact information for the Cisco TAC for non-English speakers is available at http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml.

Discovered by Cisco Systems
