


Category:   Device (Intrusion Detection)  >   TippingPoint Intrusion Prevention System
Vendors:   3Com
TippingPoint Intrusion Prevention System Lets Remote Users Bypass the Detection Mechanism
SecurityTracker Alert ID:  1016562
SecurityTracker URL:
CVE Reference:   CVE-2006-3678   (Links to External Site)
Updated:  Jun 13 2008
Original Entry Date:  Jul 24 2006
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): and prior versions
Description:   A vulnerability was reported in the TippingPoint Intrusion Prevention System. A remote user can shut down the detection mechanism.

A remote user can send a specially crafted packet to cause the target device to fall back to layer 2 mode, where all traffic is forwarded without inspection.

The vendor was notified on June 2, 2006.

Andres Riancho of CYBSEC reported this vulnerability.

Impact:   A remote user can shut down the detection mechanism.
Solution:   The vendor issued a fix (on July 21, 2006).
Vendor URL: (Links to External Site)
Cause:   Exception handling error

Message History:   None.

 Source Message Contents

Subject:  [CYBSEC] TippingPoint detection bypass


Pre-Advisory Name: TippingPoint detection bypass

Vulnerability Class: Design flaw

Release Date: 07/24/2006

Affected Platforms:
* All TippingPoint appliances with TOS <=

Local / Remote: Remote

Severity: High

Author: Andres Riancho

Vendor Status:
* Confirmed, update released.

Reference to Vulnerability Disclosure Policy:

Vulnerability Description:
A malformed packet can force the appliance to fall back to layer 2 mode. In this mode the appliance forwards all traffic without inspection.

Technical Details:
Technical details will be released 30 days after publication of this pre-advisory. This was agreed upon with TippingPoint to allow their customers to upgrade affected software prior to technical knowledge being publicly available.

Exploiting this vulnerability, an attacker would be able to bypass all filters and detection.

TippingPoint has released a new version of the TippingPoint OS to address this vulnerability. Customers should apply the new firmware

Vendor Response:
* 06/02/2005: Initial Vendor Contact.
* 06/20/2006: Vendor Confirmed Vulnerability.
* 07/21/2006: Vendor Releases Update.
* 07/24/2006: Pre-Advisory Public Disclosure.

Contact Information:
For more information regarding the vulnerability feel free to contact the author at ariancho {at}

For more information regarding CYBSEC:
(c) 2006 - CYBSEC S.A. Security Systems 
Andres Riancho
CYBSEC S.A. Security Systems 
PGP key:
Tel/Fax: [54-11] 4371-4444

