|
TippingPoint Layer 2 Mode Security Bypass Vulnerability
|
|
Secunia Advisory:
|
SA21154
|
|
|
Release Date:
|
2006-07-26
|
|
Last Update:
|
2006-08-02
|
|
Popularity:
|
5,741 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Security Bypass
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | TippingPoint IPS (TOS) 2.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2006-3678
|
|
Description:
Andres Riancho has reported a vulnerability in TippingPoint products, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused by an error in TOS (TippingPoint OS). This can be exploited to force the appliance to fall back to layer 2 mode by sending a specially crafted packet.
Successful exploitation causes traffic to be forwarded without inspection.
The vulnerability has been reported for all TippingPoint products based on TOS version 2.2.3.6514. Prior versions may also be affected.
Solution:
According to the researcher, the vendor has issued an updated version.
Provided and/or discovered by:
Andres Riancho, Cybsec Security Systems.
Changelog:
2006-08-02: Added CVE reference.
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
