SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Intrusion Detection)  >   TippingPoint Intrusion Prevention System Vendors:   3Com
TippingPoint Intrusion Prevention System Fragmented Packet Processing Lets Remote Users Evade Detection
SecurityTracker Alert ID:  1018386
SecurityTracker URL:  http://securitytracker.com/id/1018386
CVE Reference:   CVE-2007-3711   (Links to External Site)
Updated:  May 6 2008
Original Entry Date:  Jul 13 2007
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.1.x, 2.2.x prior to 2.2.5, and 2.5.x prior to 2.5.2
Description:   A vulnerability was reported in TippingPoint Intrusion Prevention System. A remote user can evade detection.

A remote user can send specially fragmented packets to evade detection.

The vendor was notified on February 6, 2006.

The vendor credits Andres Riancho of Cybsec Security Systems with reporting this vulnerability.

The original advisory is available at:

http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_3Com_TippingPoint_IPS_Detection_Bypass_2.pdf

Impact:   A remote user can evade detection.
Solution:   The vendor has issued fixed versions (2.5.2 and 2.2.5).

The 3Com advisory is available at:

http://www.3com.com/securityalert/alerts/3COM-07-002.html

Vendor URL:  www.3com.com/securityalert/alerts/3COM-07-002.html (Links to External Site)
Cause:   Input validation error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC