AOH :: HP Unsorted T :: TB11591.HTM

TippingPoint detection bypass
TippingPoint detection bypass
TippingPoint detection bypass

Hash: SHA1

(The following advisory is also available in PDF format for download at: 
Pre-Advisory Name: TippingPoint detection bypass
Vulnerability Class: Design flaw
Release Date: 2007-07-04
Affected Platforms:
==================* TippingPoint IPS running TOS versions 2.1.x, 2.2.x prior to 2.2.5,
and 2.5.x prior to 2.5.2
Local / Remote: Remote
Severity: High
Author:  Andres Riancho
Vendor Status:
=============* Confirmed, updates released.
Reference to Vulnerability Disclosure Policy:
Product Overview:
================"The TippingPoint Intrusion Prevention System (IPS) is an
award-winning security solution that blocks worms,
viruses, Trojans, Denial of Service and Distributed Denial of Service
attacks, Spyware, VoIP threats, and
Peer-to-Peer threats. Inspecting traffic through Layer 7, the IPS
blocks malicious traffic before damage occurs."
Vulnerability Description:
=========================When IP packets are fragmented in a special way, the appliance fails
to correctly reassemble the data stream.
Technical Details:
=================Technical details will be released 30 days after publication of this
This was agreed upon with TippingPoint to allow their customers to
upgrade affected software prior to technical
knowledge been publicly available.
======Exploiting this vulnerability, an attacker would be able to bypass all
filters and detection.
=========TippingPoint has released a new version of the TippingPoint OS to
address this vulnerability. Customers
should apply the new firmware immediately. More information can be
found at 
Vendor Response:
===============* 2006-02-06: Initial Vendor Contact.
* 2006-06-20: Vendor Confirmed Vulnerability.
* 2007-07-04: Vendor Releases Update.
Contact Information:
===================For more information regarding the vulnerability feel free to contact
the author at ariancho {at}
For more information regarding CYBSEC: 
(c) 2006 - CYBSEC S.A. Security Systems

- --
- ----------------------------
Andres Riancho
CYBSEC S.A. Security Systems
PGP key: 
Tel/Fax: [54 11] 4371-4444
- -----------------------------
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - 


The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH
We do not send spam. If you have received spam bearing an email address, please forward it with full headers to