[CYBSEC] TippingPoint detection bypass


Pre-Advisory Name: TippingPoint detection bypass

Vulnerability Class: Design flaw

Release Date: 07/24/2006

Affected Platforms:
* All TippingPoint appliances with TOS <=

Local / Remote: Remote

Severity: High

Author: Andres Riancho

Vendor Status:
* Confirmed, update released.

Reference to Vulnerability Disclosure Policy:

Vulnerability Description:
A malformed packet can force the appliance to fall back to layer 2 mode. In this mode the appliance forwards all traffic without inspection.

Technical Details:
Technical details will be released 30 days after publication of this pre-advisory. This was agreed upon with TippingPoint to allow their customers to upgrade affected software prior to technical knowledge being publicly available.

Exploiting this vulnerability, an attacker would be able to bypass all filters and detection.

TippingPoint has released a new version of the TippingPoint OS to address this vulnerability. Customers should apply the new firmware immediately.

Vendor Response:
* 06/02/2005: Initial Vendor Contact.
* 06/20/2006: Vendor Confirmed Vulnerability.
* 07/21/2006: Vendor Releases Update.
* 07/24/2006: Pre-Advisory Public Disclosure.

Contact Information:
For more information regarding the vulnerability, feel free to contact the author at ariancho {at} cybsec.com.

For more information regarding CYBSEC: www.cybsec.com
(c) 2006 - CYBSEC S.A. Security Systems
Andres Riancho
CYBSEC S.A. Security Systems
E-mail: ariancho@xxxxxxxxxx
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=index&search=ariancho
Tel/Fax: [54-11] 4371-4444
Web: http://www.cybsec.com