BugTraq
3Com's TippingPoint Denial of Service Apr 24 2007 09:24PM
mike20061005 webmail co za (2 replies)
Re: 3Com's TippingPoint Denial of Service Apr 25 2007 10:00PM
Secure 3com com
TippingPoint is committed to assuring the security of our customers, and
we take all reports of potential security issues against our products very
seriously.

Even though this report seems less than credible, we would encourgage the
author of this "advisory" to contact us directly and provide us with
additional details and sources to allow us to investigate this claim.
All though there seems to be limited to no information available on how
this apparent "Denial of Service" would be carried out, we've put our
resources towards attempting to reproduce the issue, and all versions of
our TOS have performed as expected with no DoS emerging.

Again, if the poster of this advisory has additional information available
that would allow us to successfully reproduce these claims, we would
appreciate if it was submitted to us for investigation.
Submissions can be made to secure (at) 3Com (dot) com [email concealed] or on the web at
www.3com.com/security.

Kind Regards,
TippingPoint Security Response Team

mike20061005 (at) webmail.co (dot) za [email concealed]
04/24/2007 02:24 PM

To
bugtraq (at) securityfocus (dot) com [email concealed]
cc

Subject
3Com's TippingPoint Denial of Service

Vulnerability: Denial of Service
Affected Product: 3Com's TippingPoint IPS
Affected Versions: All

Author: Corroded_Lunchmeats_X

Issue:
======

TippingPoint IPS is prone to DoS when a sequence of crafted packets are
destined for port 80.

Details:
========

When quickly flooded with packets destined for port 80, and an
incrementing
source port this causes the software to consume a huge amount of CPU time,
due to a badly written loop, causing the device to stop responding.

Credits:
========

The Kinders Kricket Krew, Aunty_Richard, The dinosaurs who died in the
explosion.

Disclaimer:
===========

This document and all the information it contains are provided "as is",
for educational purposes only, without warranty of any kind, whether
express or implied.

The authors reserve the right not to be responsible for the topicality,
correctness, completeness or quality of the information provided in
this document. Liability claims regarding damage caused by the use of
any information provided, including any kind of information which is
incomplete or incorrect, will therefore be rejected.

-------------------------------------------
South Africas premier free email service - www.webmail.co.za
------------------------------------------------------------------
For super low premiums, click here http://www.webmail.co.za/dd.pwm

[ reply ]
Re: 3Com's TippingPoint Denial of Service Apr 24 2007 10:26PM
Simple Nomad (thegnome nmrc org)


 

Privacy Statement
Copyright 2010, SecurityFocus