Description
TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack.
Affected products
- 3com / tippingpoint_ips_tos2.1 – 2.1
- 3com / tippingpoint_ips_tos2.1.4.6324 – 2.1.4.6324
- 3com / tippingpoint_ips_tos2.2 – 2.2
- 3com / tippingpoint_ips_tos2.2.1 – 2.2.1
- 3com / tippingpoint_ips_tos2.2.1.6506 – 2.2.1.6506
- 3com / tippingpoint_ips_tos2.2.2 – 2.2.2
- 3com / tippingpoint_ips_tos2.2.3 – 2.2.3
- 3com / tippingpoint_ips_tos2.2.4 – 2.2.4
- 3com / tippingpoint_ips_tos2.5 – 2.5
- 3com / tippingpoint_ips_tos2.5.1 – 2.5.1
- tippingpoint / tipping_pointx505 – x505
- tippingpoint / tipping_point50 – 50
- tippingpoint / tipping_pointzpha – zpha
- tippingpoint / tipping_pointx506 – x506
- tippingpoint / tipping_point200 – 200
- tippingpoint / tipping_point200e – 200e
- tippingpoint / tipping_point400 – 400
- tippingpoint / tipping_point600e – 600e
- tippingpoint / tipping_point1200 – 1200
- tippingpoint / tipping_point1200e – 1200e
- tippingpoint / tipping_point2400e – 2400e
- tippingpoint / tipping_point5000e – 5000e
- tippingpoint / tipping_pointsms – sms
References
- MISChttp://www.securityfocus.com/bid/24855
- VENDOR_ADVISORYhttp://secunia.com/advisories/26013
- MISChttp://www.securitytracker.com/id?1018361
- MISChttp://www.3com.com/securityalert/alerts/3COM-07-003.html
- VENDOR_ADVISORYhttp://security-assessment.com/files/advisories/2007-07-11_Tippingpoint_IPS_Signature_Evasion.pdf
- MAILING_LISThttp://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064550.html
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2007/2490
- MISChttp://www.securityfocus.com/archive/1/473311/100/0/threaded
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/35336
- MISChttp://osvdb.org/35970