-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
(The following advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_3Com_TippingPoint_IPS_Detection_Bypass_2.pdf
)
CYBSEC S.A.
www.cybsec.com
http://www.cybsec.com/vulnerability_policy.pdf
"The TippingPoint Intrusion Prevention System (IPS) is an
award-winning security solution that blocks worms,
viruses, Trojans, Denial of Service and Distributed Denial of Service
attacks, Spyware, VoIP threats, and
Peer-to-Peer threats. Inspecting traffic through Layer 7, the IPS
blocks malicious traffic before damage occurs."
When IP packets are fragmented in a special way, the appliance fails
to correctly reassemble the data stream.
Technical details will be released 30 days after publication of this
pre-advisory.
This was agreed upon with TippingPoint to allow their customers to
upgrade affected software prior to technical
knowledge been publicly available.
Exploiting this vulnerability, an attacker would be able to bypass all
filters and detection.
TippingPoint has released a new version of the TippingPoint OS to
address this vulnerability. Customers
should apply the new firmware immediately. More information can be
found at
http://www.3com.com/securityalert/alerts/3COM-07-002.html
For more information regarding the vulnerability feel free to contact
the author at ariancho {at} cybsec.com.
For more information regarding CYBSEC: www.cybsec.com
(c) 2006 - CYBSEC S.A. Security Systems
Andres Riancho
CYBSEC S.A. Security Systems
E-mail: [email protected]
PGP key: http://www.cybsec.com/pgp/ariancho.txt
Tel/Fax: [54 11] 4371-4444
Web: http://www.cybsec.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGlMsB1351/apVCtIRArLwAJ9ntxG9m3NXMtEsue4NyukuujQetACfdRgJ
d0RW2DQcKlpmc97RhmhSt0U=
=gwf5
-----END PGP SIGNATURE-----