
| Subject: | TippingPoint detection bypass |
|---|---|
| Date: | Wed, 11 Jul 2007 09:26:51 -0300 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

(The following advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_3Com_TippingPoint_IPS_Detection_Bypass_2.pdf )

CYBSEC S.A.
www.cybsec.com

Pre-Advisory Name: TippingPoint detection bypass
==================

Vulnerability Class: Design flaw
====================

Release Date: 2007-07-04
=============

Affected Platforms:
===================
* TippingPoint IPS running TOS versions 2.1.x, 2.2.x prior to 2.2.5, and 2.5.x prior to 2.5.2

Local / Remote: Remote
===============

Severity: High
=========

Author: Andres Riancho
=======

Vendor Status:
==============
* Confirmed, updates released.

Reference to Vulnerability Disclosure Policy:
=============================================
http://www.cybsec.com/vulnerability_policy.pdf

Product Overview:
=================
"The TippingPoint Intrusion Prevention System (IPS) is an award-winning security solution that blocks worms, viruses, Trojans, Denial of Service and Distributed Denial of Service attacks, Spyware, VoIP threats, and Peer-to-Peer threats. Inspecting traffic through Layer 7, the IPS blocks malicious traffic before damage occurs."

Vulnerability Description:
==========================
When IP packets are fragmented in a special way, the appliance fails to correctly reassemble the data stream.

Technical Details:
==================
Technical details will be released 30 days after publication of this pre-advisory. This was agreed upon with TippingPoint to allow their customers to upgrade affected software prior to technical knowledge being publicly available.

Impact:
=======
Exploiting this vulnerability, an attacker would be able to bypass all filters and detection.

Solutions:
==========
TippingPoint has released a new version of the TippingPoint OS to address this vulnerability. Customers should apply the new firmware immediately.

More information can be found at http://www.3com.com/securityalert/alerts/3COM-07-002.html

Vendor Response:
================
* 2006-02-06: Initial Vendor Contact.
* 2006-06-20: Vendor Confirmed Vulnerability.
* 2007-07-04: Vendor Releases Update.

Contact Information:
====================
For more information regarding the vulnerability feel free to contact the author at ariancho {at} cybsec.com.

For more information regarding CYBSEC: www.cybsec.com

(c) 2006 - CYBSEC S.A. Security Systems

- --
- ----------------------------
Andres Riancho
CYBSEC S.A. Security Systems
E-mail: ariancho@cybsec.com
PGP key: http://www.cybsec.com/pgp/ariancho.txt
Tel/Fax: [54 11] 4371-4444
Web: http://www.cybsec.com
- -----------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGlMyL1351/apVCtIRAlJXAJ9bQReWVOzDQvoCVmJ+X2hkciFF8ACfQ+DR
LdXJ4JniTu0bL+4U/65XjEM=
=uRpr
-----END PGP SIGNATURE-----