TippingPoint Malformed Packet Attack Detection Bypass Vulnerability

Vulnerability ID: 1193998
Vulnerability Type: Design error
Published: 2006-07-26
Updated: 2006-07-28
CVE ID: CVE-2006-3678
CNNVD-ID: CNNVD-200607-443
Affected Platform: N/A
CVSS Score: 5.0
|Vulnerability Source
https://cxsecurity.com/issue/WLB-2006070123
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200607-443
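|Vulnerability Details
TippingPointOS is the operating system used by the TippingPoint series of intrusion detection appliances. A vulnerability exists in the way TippingPoint handles malformed packets; a remote attacker may exploit it to disable the appliance's attack detection. If a malformed packet is sent to a TippingPoint appliance, the appliance falls back to layer 2 mode. In this mode the appliance forwards all traffic without performing any inspection, so detection is bypassed.
|Vulnerability EXP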
CYBSEC S.A.
www.cybsec.com

Pre-Advisory Name: TippingPoint detection bypass
==============

Vulnerability Class: Design flaw
==============

Release Date: 07/24/2006
==========

Affected Platforms:
=============
* All TippingPoint appliances with TOS <= 2.2.3.6514

Local / Remote: Remote
===========

Severity: High
======

Author: Andres Riancho
=====

Vendor Status:
===========
* Confirmed, update released.

Reference to Vulnerability Disclosure Policy:
================================
http://www.cybsec.com/vulnerability_policy.pdf

Vulnerability Description:
==================
A malformed packet can force the appliance to fall back to layer 2 mode. In this mode the appliance forwards all traffic without inspection.

Technical Details:
=============
Technical details will be released 30 days after publication of this pre-advisory. This was agreed upon with TippingPoint to allow their customers to upgrade affected software prior to technical knowledge being publicly available.

Impact:
=====
Exploiting this vulnerability, an attacker would be able to bypass all filters and detection.

Solutions:
=======
TippingPoint has released a new version of the TippingPoint OS to address this vulnerability. Customers should apply the new firmware immediately.

Vendor Response:
=============
* 06/02/2005: Initial Vendor Contact.
* 06/20/2006: Vendor Confirmed Vulnerability.
* 07/21/2006: Vendor Releases Update.
* 07/24/2006: Pre-Advisory Public Disclosure.

Contact Information:
==============
For more information regarding the vulnerability feel free to contact the author at ariancho {at} cybsec.com.

For more information regarding CYBSEC: www.cybsec.com
(c) 2006 - CYBSEC S.A. Security Systems 
-- 
---------------------------- 
Andres Riancho
CYBSEC S.A. Security Systems 
E-mail: ariancho (at) cybsec (dot) com
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=index&search=ariancho
Tel/Fax: [54-11] 4371-4444
Web: http://www.cybsec.com 
-----------------------------
|References

Source: www.3com.com
Link: http://www.3com.com/securityalert/alerts/3COM-06-003.html
Source: BID
Name: 19125
Link: http://www.securityfocus.com/bid/19125
Source: BUGTRAQ
Name: 20060724 [CYBSEC] TippingPoint detection bypass
Link: http://www.securityfocus.com/archive/1/archive/1/440944/100/0/threaded
Source: VUPEN
Name: ADV-2006-2956
Link: http://www.frsirt.com/english/advisories/2006/2956
Source: XF
Name: tippingpoint-ips-pagefault-detection-bypass(27934)
Link: http://xforce.iss.net/xforce/xfdb/27934
Source: SECTRACK
Name: 1016562
Link: http://securitytracker.com/id?1016562
Source: SREASON
Name: 1286
Link: http://securityreason.com/securityalert/1286
Source: SECUNIA
Name: 21154
Link: http://secunia.com/advisories/21154